11241100x8000000000000000333354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f16f9495c1297c02021-12-21 10:21:51.443root 11241100x8000000000000000333355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3424df29f1f737732021-12-21 10:21:51.443root 11241100x8000000000000000333356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f657d6a0b1414e372021-12-21 10:21:51.443root 11241100x8000000000000000333357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8ea85770858de42021-12-21 10:21:51.443root 11241100x8000000000000000333358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4139d44e6fdecbfc2021-12-21 10:21:51.443root 11241100x8000000000000000333359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5200d8820365424c2021-12-21 10:21:51.443root 11241100x8000000000000000333360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dd6a0ac1c2425d2021-12-21 10:21:51.443root 11241100x8000000000000000333361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadc76a1cda4d9192021-12-21 10:21:51.444root 11241100x8000000000000000333362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f795ce8dadd39b2021-12-21 10:21:51.444root 11241100x8000000000000000333363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8169f5469b8544242021-12-21 10:21:51.444root 11241100x8000000000000000333364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305a6008352066072021-12-21 10:21:51.444root 11241100x8000000000000000333365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd855411563a0402021-12-21 10:21:51.444root 11241100x8000000000000000333366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583f5500e0e9d8982021-12-21 10:21:51.444root 11241100x8000000000000000333367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487ca5be4ba35aec2021-12-21 10:21:51.444root 11241100x8000000000000000333368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b51af42119e7812021-12-21 10:21:51.444root 11241100x8000000000000000333369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f351fe417b84352d2021-12-21 10:21:51.444root 11241100x8000000000000000333370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585527e65659cabf2021-12-21 10:21:51.445root 11241100x8000000000000000333371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b9d95ed7ebb8672021-12-21 10:21:51.445root 11241100x8000000000000000333372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6241c5606069482021-12-21 10:21:51.445root 11241100x8000000000000000333373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c47b25dfd006b82021-12-21 10:21:51.445root 11241100x8000000000000000333374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a3f80c7d2058c72021-12-21 10:21:51.445root 11241100x8000000000000000333375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18de439912550762021-12-21 10:21:51.445root 11241100x8000000000000000333376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ea1df9b59b6a6f2021-12-21 10:21:51.445root 11241100x8000000000000000333377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7866ed20e4c730ae2021-12-21 10:21:51.445root 11241100x8000000000000000333378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c818f5710d4e3e2021-12-21 10:21:51.446root 11241100x8000000000000000333379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18575c0b339fad182021-12-21 10:21:51.446root 11241100x8000000000000000333380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d7704aa5dc0ebf2021-12-21 10:21:51.446root 11241100x8000000000000000333381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f717dcaeda75cadc2021-12-21 10:21:51.446root 11241100x8000000000000000333382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37e870bd5771a382021-12-21 10:21:51.447root 11241100x8000000000000000333383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f03ff1842ff9e5c2021-12-21 10:21:51.447root 11241100x8000000000000000333384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0a6875ba4fce922021-12-21 10:21:51.447root 11241100x8000000000000000333385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fade492dde0070552021-12-21 10:21:51.447root 11241100x8000000000000000333386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb220fe5a3b1e132021-12-21 10:21:51.447root 11241100x8000000000000000333387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf01a265eac3cc52021-12-21 10:21:51.447root 11241100x8000000000000000333388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fb6270a7aa3e472021-12-21 10:21:51.447root 11241100x8000000000000000333389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2681c6951abbd0fe2021-12-21 10:21:51.448root 11241100x8000000000000000333390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19170866aa3db8712021-12-21 10:21:51.448root 11241100x8000000000000000333391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6af6559cccfa5e2021-12-21 10:21:51.448root 11241100x8000000000000000333392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfee595582bbfa5d2021-12-21 10:21:51.448root 11241100x8000000000000000333393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcf016d09ea98a12021-12-21 10:21:51.448root 11241100x8000000000000000333394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2327d3ccb8f2c6f62021-12-21 10:21:51.448root 11241100x8000000000000000333395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd606b9a67ddae8c2021-12-21 10:21:51.448root 11241100x8000000000000000333396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c5e2ee46343fd72021-12-21 10:21:51.448root 11241100x8000000000000000333397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2306e46e8d34fa2021-12-21 10:21:51.448root 11241100x8000000000000000333398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489a12e45a1424052021-12-21 10:21:51.448root 11241100x8000000000000000333399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94bd982cbf2114c2021-12-21 10:21:51.448root 11241100x8000000000000000333400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96c5efc4c199c152021-12-21 10:21:51.448root 11241100x8000000000000000333401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78de29495e0cc0e2021-12-21 10:21:51.943root 11241100x8000000000000000333402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf96ed7cb20456c2021-12-21 10:21:51.943root 11241100x8000000000000000333403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e46d92b05369212021-12-21 10:21:51.943root 11241100x8000000000000000333404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db08810f1baaccbe2021-12-21 10:21:51.943root 11241100x8000000000000000333405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d627c0705de76b492021-12-21 10:21:51.944root 11241100x8000000000000000333406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec531159054e62ac2021-12-21 10:21:51.944root 11241100x8000000000000000333407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efeaef699332bcb2021-12-21 10:21:51.944root 11241100x8000000000000000333408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24575d6543d7d55f2021-12-21 10:21:51.944root 11241100x8000000000000000333409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbac8b2c42257e02021-12-21 10:21:51.944root 11241100x8000000000000000333410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521d12359078e94b2021-12-21 10:21:51.944root 11241100x8000000000000000333411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009b600daa4a204b2021-12-21 10:21:51.945root 11241100x8000000000000000333412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933d6c96a1a419732021-12-21 10:21:51.945root 11241100x8000000000000000333413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c066a51499245a52021-12-21 10:21:51.945root 11241100x8000000000000000333414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4253283144e2a0f22021-12-21 10:21:51.945root 11241100x8000000000000000333415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8734f877401eb232021-12-21 10:21:51.945root 11241100x8000000000000000333416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d8967327526f1a2021-12-21 10:21:51.945root 11241100x8000000000000000333417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16acde24eec9026c2021-12-21 10:21:51.946root 11241100x8000000000000000333418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50647ca62bd05252021-12-21 10:21:51.946root 11241100x8000000000000000333419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603e42a93759074b2021-12-21 10:21:51.946root 11241100x8000000000000000333420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13550e92ac91e4512021-12-21 10:21:51.946root 11241100x8000000000000000333421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078ef07177925db22021-12-21 10:21:51.946root 11241100x8000000000000000333422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47245d94cd85b642021-12-21 10:21:51.946root 11241100x8000000000000000333423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f554278d2df1b5f12021-12-21 10:21:51.946root 11241100x8000000000000000333424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64c8ba5627443e52021-12-21 10:21:51.946root 11241100x8000000000000000333425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc14f66213a23fb2021-12-21 10:21:51.947root 11241100x8000000000000000333426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42302acd64ae76752021-12-21 10:21:51.947root 11241100x8000000000000000333427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338f1f8e017f53552021-12-21 10:21:51.947root 11241100x8000000000000000333428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455767abb3cad9992021-12-21 10:21:51.947root 11241100x8000000000000000333429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2f77dfa022bf5f2021-12-21 10:21:51.947root 11241100x8000000000000000333430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9f24913ae534112021-12-21 10:21:51.947root 11241100x8000000000000000333431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0180c9364c839c82021-12-21 10:21:51.947root 11241100x8000000000000000333432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e99e86e60d6ddd2021-12-21 10:21:51.947root 11241100x8000000000000000333433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110d5d7f7cb5e2ba2021-12-21 10:21:51.948root 11241100x8000000000000000333434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf28bb50c63a3c82021-12-21 10:21:51.948root 11241100x8000000000000000333435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7f1197badfeb322021-12-21 10:21:51.948root 11241100x8000000000000000333436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a305169d0e843af2021-12-21 10:21:51.948root 11241100x8000000000000000333437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138d678fb60d58a32021-12-21 10:21:51.948root 11241100x8000000000000000333438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fa10fcc034e4422021-12-21 10:21:51.948root 11241100x8000000000000000333439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068a648b129a897c2021-12-21 10:21:51.948root 11241100x8000000000000000333440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bafb9f9deff143c2021-12-21 10:21:52.443root 11241100x8000000000000000333441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c9949a84d8794a2021-12-21 10:21:52.443root 11241100x8000000000000000333442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0bfb7841c37de72021-12-21 10:21:52.443root 11241100x8000000000000000333443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63e301e4baaec022021-12-21 10:21:52.444root 11241100x8000000000000000333444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2977ce84a99852542021-12-21 10:21:52.444root 11241100x8000000000000000333445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0f8594143eb0452021-12-21 10:21:52.444root 11241100x8000000000000000333446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879485a718c9ca6e2021-12-21 10:21:52.444root 11241100x8000000000000000333447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8749deb16d19b3bc2021-12-21 10:21:52.444root 11241100x8000000000000000333448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80294cb0fea942c92021-12-21 10:21:52.444root 11241100x8000000000000000333449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d753023d8e0e981a2021-12-21 10:21:52.445root 11241100x8000000000000000333450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca5a756a5d74a9a2021-12-21 10:21:52.445root 11241100x8000000000000000333451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a104771cb4c7ff2021-12-21 10:21:52.445root 11241100x8000000000000000333452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47804de8b7b93b312021-12-21 10:21:52.445root 11241100x8000000000000000333453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920bc030844a3c182021-12-21 10:21:52.445root 11241100x8000000000000000333454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75147de57e4836cd2021-12-21 10:21:52.445root 11241100x8000000000000000333455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8482cc068ad2c6db2021-12-21 10:21:52.445root 11241100x8000000000000000333456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fd316a8a0339e92021-12-21 10:21:52.445root 11241100x8000000000000000333457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf546a9d4c9d3772021-12-21 10:21:52.446root 11241100x8000000000000000333458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e771be534ff3d2b2021-12-21 10:21:52.446root 11241100x8000000000000000333459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e65380a3028b9a2021-12-21 10:21:52.446root 11241100x8000000000000000333460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b833155e7fdb4d2021-12-21 10:21:52.446root 11241100x8000000000000000333461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b71d1dac0f006c2021-12-21 10:21:52.446root 11241100x8000000000000000333462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05d566b6513b2702021-12-21 10:21:52.447root 11241100x8000000000000000333463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e0fce63055a3dc2021-12-21 10:21:52.447root 11241100x8000000000000000333464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e226effe708bb59b2021-12-21 10:21:52.447root 11241100x8000000000000000333465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aa15efd06724a22021-12-21 10:21:52.447root 11241100x8000000000000000333466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cee1dccbc728e52021-12-21 10:21:52.448root 11241100x8000000000000000333467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cb3e5ab62c4c222021-12-21 10:21:52.448root 11241100x8000000000000000333468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9fdbde138f63712021-12-21 10:21:52.448root 11241100x8000000000000000333469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697989e03787fb632021-12-21 10:21:52.448root 11241100x8000000000000000333470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50260f8191ed91cc2021-12-21 10:21:52.448root 11241100x8000000000000000333471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c6c6e56d4a553e2021-12-21 10:21:52.448root 11241100x8000000000000000333472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e68bc44348553f92021-12-21 10:21:52.448root 11241100x8000000000000000333473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03491449a730a6f72021-12-21 10:21:52.448root 11241100x8000000000000000333474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0964b1f02f32e862021-12-21 10:21:52.448root 11241100x8000000000000000333475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59b6429b0cc9a6e2021-12-21 10:21:52.449root 11241100x8000000000000000333476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e648b8ebe75e092021-12-21 10:21:52.449root 11241100x8000000000000000333477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716940ab8210e6eb2021-12-21 10:21:52.943root 11241100x8000000000000000333478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15e4490cc49d0f12021-12-21 10:21:52.943root 11241100x8000000000000000333479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8699fec4c4ddd42021-12-21 10:21:52.943root 11241100x8000000000000000333480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57535cde678801c62021-12-21 10:21:52.943root 11241100x8000000000000000333481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5610274ab30ec3832021-12-21 10:21:52.944root 11241100x8000000000000000333482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d80cc82bb50a882021-12-21 10:21:52.944root 11241100x8000000000000000333483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96aaadc1b2b15652021-12-21 10:21:52.944root 11241100x8000000000000000333484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ec67b43f2a12cf2021-12-21 10:21:52.944root 11241100x8000000000000000333485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab6f478e51274f22021-12-21 10:21:52.944root 11241100x8000000000000000333486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b6d0d350ec98402021-12-21 10:21:52.944root 11241100x8000000000000000333487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af54cc2c2257c752021-12-21 10:21:52.944root 11241100x8000000000000000333488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71dad801dcc5e1d22021-12-21 10:21:52.944root 11241100x8000000000000000333489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e198db043e2646f92021-12-21 10:21:52.944root 11241100x8000000000000000333490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513c1f31c9c1fda52021-12-21 10:21:52.944root 11241100x8000000000000000333491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadfca8bb69eda342021-12-21 10:21:52.945root 11241100x8000000000000000333492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad45f05b4e80675c2021-12-21 10:21:52.945root 11241100x8000000000000000333493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc808192c21a50ca2021-12-21 10:21:52.945root 11241100x8000000000000000333494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23eb3d2f06709662021-12-21 10:21:52.945root 11241100x8000000000000000333495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b557ae38cc5ab23e2021-12-21 10:21:52.945root 11241100x8000000000000000333496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36600182fe362da2021-12-21 10:21:52.945root 11241100x8000000000000000333497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3127847cd340c4432021-12-21 10:21:52.945root 11241100x8000000000000000333498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597a8d8a9c37124a2021-12-21 10:21:52.945root 11241100x8000000000000000333499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2472ae580b90eb2021-12-21 10:21:52.946root 11241100x8000000000000000333500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bc778219e675ef2021-12-21 10:21:52.946root 11241100x8000000000000000333501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e6f03c77968ae52021-12-21 10:21:52.946root 11241100x8000000000000000333502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbd4fbb69292c662021-12-21 10:21:52.946root 11241100x8000000000000000333503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5594b2b39ff1b9a82021-12-21 10:21:52.946root 11241100x8000000000000000333504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a72ae0d623fa5ac2021-12-21 10:21:52.946root 11241100x8000000000000000333505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e2c821a377c5c72021-12-21 10:21:52.946root 11241100x8000000000000000333506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef740dd71c488d6d2021-12-21 10:21:52.947root 11241100x8000000000000000333507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30361ed80544f5aa2021-12-21 10:21:52.947root 11241100x8000000000000000333508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cea0015469854a72021-12-21 10:21:52.947root 11241100x8000000000000000333509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c97a1c1f623f8042021-12-21 10:21:52.947root 11241100x8000000000000000333510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf82086d79694392021-12-21 10:21:52.947root 11241100x8000000000000000333511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8473289841de6b862021-12-21 10:21:52.947root 11241100x8000000000000000333512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e64bab3c00a55622021-12-21 10:21:53.443root 11241100x8000000000000000333513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f5006b83fec6922021-12-21 10:21:53.443root 11241100x8000000000000000333514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acab200f1fff80452021-12-21 10:21:53.443root 11241100x8000000000000000333515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2082a7f2976a732021-12-21 10:21:53.444root 11241100x8000000000000000333516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71bb9cac4e0034a2021-12-21 10:21:53.444root 11241100x8000000000000000333517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0683e55df2b6c2442021-12-21 10:21:53.444root 11241100x8000000000000000333518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f538b5a4449f612021-12-21 10:21:53.444root 11241100x8000000000000000333519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f9dcb2fa39ded32021-12-21 10:21:53.444root 11241100x8000000000000000333520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabc4149fe174bc72021-12-21 10:21:53.444root 11241100x8000000000000000333521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05786e9e1f7095772021-12-21 10:21:53.444root 11241100x8000000000000000333522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f45978c403abf332021-12-21 10:21:53.444root 11241100x8000000000000000333523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea06d7de0c2e7892021-12-21 10:21:53.444root 11241100x8000000000000000333524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9363806fac83f892021-12-21 10:21:53.445root 11241100x8000000000000000333525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b19145f538faa92021-12-21 10:21:53.445root 11241100x8000000000000000333526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da249bbb962112062021-12-21 10:21:53.445root 11241100x8000000000000000333527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43cebcedbef46752021-12-21 10:21:53.445root 11241100x8000000000000000333528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0e27399a6d50652021-12-21 10:21:53.445root 11241100x8000000000000000333529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f39c5e3b7e3beb2021-12-21 10:21:53.445root 11241100x8000000000000000333530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6123f16357b95322021-12-21 10:21:53.445root 11241100x8000000000000000333531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e520b14e5d5d1f032021-12-21 10:21:53.445root 11241100x8000000000000000333532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f50880c43822b62021-12-21 10:21:53.445root 11241100x8000000000000000333533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ccd6a8b28307e62021-12-21 10:21:53.445root 11241100x8000000000000000333534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca9ca1371fb9ee72021-12-21 10:21:53.445root 11241100x8000000000000000333535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cb353eab550e232021-12-21 10:21:53.446root 11241100x8000000000000000333536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f311dab74fc16912021-12-21 10:21:53.446root 11241100x8000000000000000333537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22d4792a56fe7922021-12-21 10:21:53.446root 11241100x8000000000000000333538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a814462d17f91fff2021-12-21 10:21:53.446root 11241100x8000000000000000333539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0362889e79b00a2021-12-21 10:21:53.446root 11241100x8000000000000000333540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493eabe0764db1f32021-12-21 10:21:53.446root 11241100x8000000000000000333541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9834a106a1a82eb2021-12-21 10:21:53.446root 11241100x8000000000000000333542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25921c5098e51142021-12-21 10:21:53.446root 11241100x8000000000000000333543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc021a2d2f87f172021-12-21 10:21:53.446root 11241100x8000000000000000333544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65ac8e65785a2b22021-12-21 10:21:53.446root 11241100x8000000000000000333545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c6e562e54226af2021-12-21 10:21:53.447root 11241100x8000000000000000333546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce3b8775ce6dc352021-12-21 10:21:53.447root 11241100x8000000000000000333547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64732b543bfa41c42021-12-21 10:21:53.447root 11241100x8000000000000000333548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb5e2bbe2ef454d2021-12-21 10:21:53.943root 11241100x8000000000000000333549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7d72b518003d7b2021-12-21 10:21:53.943root 11241100x8000000000000000333550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837294e46c1d1c172021-12-21 10:21:53.943root 11241100x8000000000000000333551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a363c371acf29b2021-12-21 10:21:53.943root 11241100x8000000000000000333552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c8757425cac1582021-12-21 10:21:53.944root 11241100x8000000000000000333553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0a62cd95cf6b8d2021-12-21 10:21:53.944root 11241100x8000000000000000333554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7635c0150d31acd82021-12-21 10:21:53.944root 11241100x8000000000000000333555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9fe67c5d80e16e2021-12-21 10:21:53.944root 11241100x8000000000000000333556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f63cc35a0197702021-12-21 10:21:53.944root 11241100x8000000000000000333557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483dec7a7186889e2021-12-21 10:21:53.944root 11241100x8000000000000000333558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd06dc6f89eb2dbe2021-12-21 10:21:53.944root 11241100x8000000000000000333559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25e416b1d4f2d612021-12-21 10:21:53.945root 11241100x8000000000000000333560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb4008ac4d0777a2021-12-21 10:21:53.945root 11241100x8000000000000000333561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdc06aa730697322021-12-21 10:21:53.945root 11241100x8000000000000000333562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328be02d916ba6392021-12-21 10:21:53.945root 11241100x8000000000000000333563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5839f99726674e2021-12-21 10:21:53.945root 11241100x8000000000000000333564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747505ed7127250c2021-12-21 10:21:53.945root 11241100x8000000000000000333565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f40f1975b84eaa2021-12-21 10:21:53.945root 11241100x8000000000000000333566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6e8f48a9d279a12021-12-21 10:21:53.946root 11241100x8000000000000000333567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ec8169c2e7b6ff2021-12-21 10:21:53.946root 11241100x8000000000000000333568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2592f100afb9c9d22021-12-21 10:21:53.947root 11241100x8000000000000000333569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012c4ee555b538fc2021-12-21 10:21:53.947root 11241100x8000000000000000333570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013740940c908db22021-12-21 10:21:53.947root 11241100x8000000000000000333571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8fa2e17649cbfa2021-12-21 10:21:53.948root 11241100x8000000000000000333572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1750697fb5b0e3552021-12-21 10:21:53.948root 11241100x8000000000000000333573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d19e40c1c9b38e2021-12-21 10:21:53.948root 11241100x8000000000000000333574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f8beadd5a38afb2021-12-21 10:21:53.949root 11241100x8000000000000000333575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e38fe4d87bb0fe2021-12-21 10:21:53.949root 11241100x8000000000000000333576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f758d0ac6aad5092021-12-21 10:21:53.949root 11241100x8000000000000000333577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2b2e985f19339f2021-12-21 10:21:53.950root 11241100x8000000000000000333578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b42b0bc9d7f3cd02021-12-21 10:21:53.950root 11241100x8000000000000000333579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81feebbfe99eafcf2021-12-21 10:21:53.950root 11241100x8000000000000000333580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6955015878ebd642021-12-21 10:21:53.950root 11241100x8000000000000000333581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f649d77f743f006d2021-12-21 10:21:53.951root 11241100x8000000000000000333582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dacfcfcbff6b6c2021-12-21 10:21:53.951root 354300x8000000000000000333583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.207{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-46992-false10.0.1.12-8000- 11241100x8000000000000000333584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402db7941540d94a2021-12-21 10:21:54.207root 11241100x8000000000000000333585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d5d56e20d34d612021-12-21 10:21:54.207root 11241100x8000000000000000333586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d94fa0ef6b37e7a2021-12-21 10:21:54.208root 11241100x8000000000000000333587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a131b7dbdcf709f52021-12-21 10:21:54.208root 11241100x8000000000000000333588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f49f135847f7aec2021-12-21 10:21:54.208root 11241100x8000000000000000333589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb40cb88e5bd4fb2021-12-21 10:21:54.208root 11241100x8000000000000000333590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a55e838911df612021-12-21 10:21:54.208root 11241100x8000000000000000333591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb65decf0f1a21ed2021-12-21 10:21:54.208root 11241100x8000000000000000333592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46d9b06c36a94b62021-12-21 10:21:54.208root 11241100x8000000000000000333593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab0bdb5bba1a0bb2021-12-21 10:21:54.209root 11241100x8000000000000000333594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d5d244a916c6c42021-12-21 10:21:54.209root 11241100x8000000000000000333595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a12e0226c3afdd2021-12-21 10:21:54.209root 11241100x8000000000000000333596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c521a05cb11c1c62021-12-21 10:21:54.209root 11241100x8000000000000000333597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de08c9810ffcc362021-12-21 10:21:54.209root 11241100x8000000000000000333598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a543c129ffb6cac52021-12-21 10:21:54.209root 11241100x8000000000000000333599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256069eccf64e03f2021-12-21 10:21:54.209root 11241100x8000000000000000333600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc8356a556fcb2d2021-12-21 10:21:54.210root 11241100x8000000000000000333601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a247add8ea3902d32021-12-21 10:21:54.210root 11241100x8000000000000000333602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a5dc697c6bf26c2021-12-21 10:21:54.210root 11241100x8000000000000000333603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401b22ff13f975b92021-12-21 10:21:54.210root 11241100x8000000000000000333604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5858ad2f995de52021-12-21 10:21:54.210root 11241100x8000000000000000333605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55322c2bc71beb722021-12-21 10:21:54.210root 11241100x8000000000000000333606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d6a6233a43d0e22021-12-21 10:21:54.210root 11241100x8000000000000000333607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10922bff25f227962021-12-21 10:21:54.211root 11241100x8000000000000000333608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c0b288ccc1dac52021-12-21 10:21:54.211root 11241100x8000000000000000333609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266490bb7a2ec6f32021-12-21 10:21:54.211root 11241100x8000000000000000333610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9e130098d61fc82021-12-21 10:21:54.211root 11241100x8000000000000000333611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6182b49510ede3262021-12-21 10:21:54.211root 11241100x8000000000000000333612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777ea826fab18d7c2021-12-21 10:21:54.211root 11241100x8000000000000000333613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb2973790e21d742021-12-21 10:21:54.211root 11241100x8000000000000000333614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87209df6d1702f862021-12-21 10:21:54.212root 11241100x8000000000000000333615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f171612783c64b862021-12-21 10:21:54.212root 11241100x8000000000000000333616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff819fda826baa4b2021-12-21 10:21:54.212root 11241100x8000000000000000333617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef329f8ca9a188f2021-12-21 10:21:54.212root 11241100x8000000000000000333618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c8c4edd6142e162021-12-21 10:21:54.212root 11241100x8000000000000000333619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f8359db8d0b0be2021-12-21 10:21:54.212root 11241100x8000000000000000333620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07086a1f84b83152021-12-21 10:21:54.213root 11241100x8000000000000000333621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99c6d88bba341842021-12-21 10:21:54.213root 11241100x8000000000000000333622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab47631e076de2782021-12-21 10:21:54.213root 11241100x8000000000000000333623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0522957432610982021-12-21 10:21:54.213root 11241100x8000000000000000333624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e92e4b9589bbbf12021-12-21 10:21:54.693root 11241100x8000000000000000333625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83f136e402337f92021-12-21 10:21:54.693root 11241100x8000000000000000333626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dff0b75995960b2021-12-21 10:21:54.693root 11241100x8000000000000000333627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b8dd629e025dee2021-12-21 10:21:54.693root 11241100x8000000000000000333628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea5486afe9322b22021-12-21 10:21:54.694root 11241100x8000000000000000333629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cf79cf14d5b69c2021-12-21 10:21:54.694root 11241100x8000000000000000333630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0139e158db5446e22021-12-21 10:21:54.694root 11241100x8000000000000000333631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9317c2bd2e303c3f2021-12-21 10:21:54.694root 11241100x8000000000000000333632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145339aa6afcffc32021-12-21 10:21:54.694root 11241100x8000000000000000333633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d15668f3e3b61e42021-12-21 10:21:54.695root 11241100x8000000000000000333634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331472649e2ff2192021-12-21 10:21:54.695root 11241100x8000000000000000333635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd1e59ccf9453502021-12-21 10:21:54.695root 11241100x8000000000000000333636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148c599e9b89087f2021-12-21 10:21:54.695root 11241100x8000000000000000333637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f7d5a332a629cc2021-12-21 10:21:54.695root 11241100x8000000000000000333638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a4b3b61a54e2112021-12-21 10:21:54.695root 11241100x8000000000000000333639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbbf13ef1a932d62021-12-21 10:21:54.695root 11241100x8000000000000000333640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975f1beb30c8e8be2021-12-21 10:21:54.696root 11241100x8000000000000000333641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f475c927b6ef73ce2021-12-21 10:21:54.696root 11241100x8000000000000000333642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feca3c8ca70b949d2021-12-21 10:21:54.696root 11241100x8000000000000000333643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002fc163bb7dae682021-12-21 10:21:54.696root 11241100x8000000000000000333644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b3f144c912d7342021-12-21 10:21:54.696root 11241100x8000000000000000333645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b665ac8e0dc90b22021-12-21 10:21:54.696root 11241100x8000000000000000333646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0d454c2e4b80712021-12-21 10:21:54.697root 11241100x8000000000000000333647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c50e7bce5d07ad2021-12-21 10:21:54.697root 11241100x8000000000000000333648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08006ebbcf0d16d62021-12-21 10:21:54.697root 11241100x8000000000000000333649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1060172f24b408562021-12-21 10:21:54.697root 11241100x8000000000000000333650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b52e9937336d8772021-12-21 10:21:54.697root 11241100x8000000000000000333651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6dcf55cc1635d22021-12-21 10:21:54.697root 11241100x8000000000000000333652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c270c7e2fa8a962021-12-21 10:21:54.697root 11241100x8000000000000000333653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c2e7a1203d80692021-12-21 10:21:54.698root 11241100x8000000000000000333654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46db3da294fb87b2021-12-21 10:21:54.698root 11241100x8000000000000000333655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c59431359e784072021-12-21 10:21:54.698root 11241100x8000000000000000333656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044177c86f74f81a2021-12-21 10:21:54.698root 11241100x8000000000000000333657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56317f148e44fc22021-12-21 10:21:54.698root 11241100x8000000000000000333658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57907105eb4dfc7f2021-12-21 10:21:54.698root 11241100x8000000000000000333659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be22d273b2edd4102021-12-21 10:21:54.698root 11241100x8000000000000000333660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034e97de5c6449692021-12-21 10:21:54.698root 11241100x8000000000000000333661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5440cbc32444db542021-12-21 10:21:54.698root 11241100x8000000000000000333662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e67336f383e6fde2021-12-21 10:21:54.698root 11241100x8000000000000000333663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38054290389055e62021-12-21 10:21:54.698root 11241100x8000000000000000333664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fac35189d50bf292021-12-21 10:21:55.193root 11241100x8000000000000000333665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10e8e1b81de7a492021-12-21 10:21:55.194root 11241100x8000000000000000333666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5248850671699252021-12-21 10:21:55.194root 11241100x8000000000000000333667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9120a9ee8233d42021-12-21 10:21:55.194root 11241100x8000000000000000333668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3699e878e9f983442021-12-21 10:21:55.194root 11241100x8000000000000000333669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4e3a5605d093612021-12-21 10:21:55.194root 11241100x8000000000000000333670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde34ade2ea777152021-12-21 10:21:55.194root 11241100x8000000000000000333671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf2c21196de06012021-12-21 10:21:55.195root 11241100x8000000000000000333672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672a1f7d281e6d1f2021-12-21 10:21:55.195root 11241100x8000000000000000333673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3ea6a1d8918ee02021-12-21 10:21:55.195root 11241100x8000000000000000333674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9e14596ad596ae2021-12-21 10:21:55.195root 11241100x8000000000000000333675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3668d0a160c259232021-12-21 10:21:55.195root 11241100x8000000000000000333676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238a8cb5f1ff80492021-12-21 10:21:55.195root 11241100x8000000000000000333677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac0439131489b382021-12-21 10:21:55.195root 11241100x8000000000000000333678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd8993bb191f8ef2021-12-21 10:21:55.195root 11241100x8000000000000000333679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6834d18a3d538a732021-12-21 10:21:55.196root 11241100x8000000000000000333680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079c94d40c3f99c22021-12-21 10:21:55.196root 11241100x8000000000000000333681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c962172796eeb1b2021-12-21 10:21:55.196root 11241100x8000000000000000333682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f460fc73a36a7f2e2021-12-21 10:21:55.196root 11241100x8000000000000000333683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e89502e7992e492021-12-21 10:21:55.196root 11241100x8000000000000000333684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429c5be9180486352021-12-21 10:21:55.196root 11241100x8000000000000000333685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84600954e5b2b1742021-12-21 10:21:55.196root 11241100x8000000000000000333686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2ac7aa1e65cd6c2021-12-21 10:21:55.196root 11241100x8000000000000000333687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1eb6a6e537339cc2021-12-21 10:21:55.197root 11241100x8000000000000000333688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8c5442ce5835982021-12-21 10:21:55.197root 11241100x8000000000000000333689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c109ab9a3f78a6742021-12-21 10:21:55.197root 11241100x8000000000000000333690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49aa2398ecd623842021-12-21 10:21:55.197root 11241100x8000000000000000333691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2564179dfb4103b2021-12-21 10:21:55.197root 11241100x8000000000000000333692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442eb432371b4a492021-12-21 10:21:55.197root 11241100x8000000000000000333693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e736b0ed9f5f8e2021-12-21 10:21:55.198root 11241100x8000000000000000333694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbc569822fd8fff2021-12-21 10:21:55.198root 11241100x8000000000000000333695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e894e2f4a3ed4dde2021-12-21 10:21:55.198root 11241100x8000000000000000333696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208b42357443f2782021-12-21 10:21:55.198root 11241100x8000000000000000333697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637031ea89c631dc2021-12-21 10:21:55.198root 11241100x8000000000000000333698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52569d00aaa21b402021-12-21 10:21:55.199root 11241100x8000000000000000333699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8b027de76577b32021-12-21 10:21:55.199root 11241100x8000000000000000333700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee355b74a38d0f4e2021-12-21 10:21:55.693root 11241100x8000000000000000333701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef17f119ee74be42021-12-21 10:21:55.693root 11241100x8000000000000000333702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19832b6092f4ea032021-12-21 10:21:55.693root 11241100x8000000000000000333703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327f73134bdc7cc62021-12-21 10:21:55.694root 11241100x8000000000000000333704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bdf4e9ed4e745b2021-12-21 10:21:55.694root 11241100x8000000000000000333705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259b280a2bf5bfe72021-12-21 10:21:55.695root 11241100x8000000000000000333706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dd5c1f2dbfee882021-12-21 10:21:55.695root 11241100x8000000000000000333707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa240b4c27231722021-12-21 10:21:55.695root 11241100x8000000000000000333708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edb6dea42a26e172021-12-21 10:21:55.695root 11241100x8000000000000000333709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4590eeb5f75645eb2021-12-21 10:21:55.695root 11241100x8000000000000000333710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac86bb4cdffd77e2021-12-21 10:21:55.695root 11241100x8000000000000000333711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b7785b58bd06f62021-12-21 10:21:55.696root 11241100x8000000000000000333712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62fc3185ec9b0c22021-12-21 10:21:55.696root 11241100x8000000000000000333713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2e4f0d610c03112021-12-21 10:21:55.696root 11241100x8000000000000000333714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30dad7ef8ff50c72021-12-21 10:21:55.696root 11241100x8000000000000000333715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da78664b0f4df9d2021-12-21 10:21:55.696root 11241100x8000000000000000333716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1890dc1596ec488b2021-12-21 10:21:55.696root 11241100x8000000000000000333717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973e95ae98791b9d2021-12-21 10:21:55.696root 11241100x8000000000000000333718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c8d84bfe2dbddc2021-12-21 10:21:55.696root 11241100x8000000000000000333719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9572b571b1fba6742021-12-21 10:21:55.696root 11241100x8000000000000000333720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a866c4906030e65b2021-12-21 10:21:55.697root 11241100x8000000000000000333721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ef011dde3a6fbd2021-12-21 10:21:55.697root 11241100x8000000000000000333722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c5db44280b47322021-12-21 10:21:55.697root 11241100x8000000000000000333723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed3b23261a4a02f2021-12-21 10:21:55.697root 11241100x8000000000000000333724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c27cb0403b256f2021-12-21 10:21:55.697root 11241100x8000000000000000333725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469cae1b5347d7832021-12-21 10:21:55.697root 11241100x8000000000000000333726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0890ab3c00e3372021-12-21 10:21:55.697root 11241100x8000000000000000333727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cc49cb15bd92572021-12-21 10:21:55.697root 11241100x8000000000000000333728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9e5e9ef48975db2021-12-21 10:21:55.697root 11241100x8000000000000000333729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecc9115825e0a502021-12-21 10:21:55.698root 11241100x8000000000000000333730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3c09895bd1eefd2021-12-21 10:21:55.698root 11241100x8000000000000000333731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3783e6d3783259af2021-12-21 10:21:55.698root 11241100x8000000000000000333732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103980c237681bbe2021-12-21 10:21:55.698root 11241100x8000000000000000333733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50747d819c633722021-12-21 10:21:55.698root 11241100x8000000000000000333734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c078ca833840db72021-12-21 10:21:55.698root 11241100x8000000000000000333735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d966878f598e6432021-12-21 10:21:55.698root 11241100x8000000000000000333736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1614b0fce6a5702021-12-21 10:21:55.698root 11241100x8000000000000000333737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee42e134fe5c18e92021-12-21 10:21:55.698root 11241100x8000000000000000333738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4645c6aef7c0a072021-12-21 10:21:55.699root 11241100x8000000000000000333739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de72b55f561384b2021-12-21 10:21:56.193root 11241100x8000000000000000333740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d102b0fbdd79c26e2021-12-21 10:21:56.194root 11241100x8000000000000000333741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1f18c4898222c02021-12-21 10:21:56.194root 11241100x8000000000000000333742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4551cb6d5791be32021-12-21 10:21:56.194root 11241100x8000000000000000333743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bfe08e37131c382021-12-21 10:21:56.194root 11241100x8000000000000000333744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19744ff7666bf252021-12-21 10:21:56.195root 11241100x8000000000000000333745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e2b351a38b83e42021-12-21 10:21:56.195root 11241100x8000000000000000333746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed75b600419c8832021-12-21 10:21:56.195root 11241100x8000000000000000333747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272df7e920944c412021-12-21 10:21:56.195root 11241100x8000000000000000333748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc95fb7cd3cc27d02021-12-21 10:21:56.196root 11241100x8000000000000000333749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40b2b6c4866a4cf2021-12-21 10:21:56.196root 11241100x8000000000000000333750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ebe536050632cd2021-12-21 10:21:56.196root 11241100x8000000000000000333751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98cf090f06651972021-12-21 10:21:56.196root 11241100x8000000000000000333752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0382f1ee7f0f7ac82021-12-21 10:21:56.196root 11241100x8000000000000000333753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94f18b64bc98faf2021-12-21 10:21:56.196root 11241100x8000000000000000333754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d4dd85d3d8cdad2021-12-21 10:21:56.197root 11241100x8000000000000000333755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775f5a8c2d6aafa62021-12-21 10:21:56.197root 11241100x8000000000000000333756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8523e556e95a9ee92021-12-21 10:21:56.197root 11241100x8000000000000000333757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4911ec1b19855c8b2021-12-21 10:21:56.197root 11241100x8000000000000000333758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918235871c2f83732021-12-21 10:21:56.197root 11241100x8000000000000000333759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8637383223fc27432021-12-21 10:21:56.197root 11241100x8000000000000000333760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ce198f6e68746d2021-12-21 10:21:56.197root 11241100x8000000000000000333761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6462fb10ba54222021-12-21 10:21:56.197root 11241100x8000000000000000333762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea1079eee30fc912021-12-21 10:21:56.198root 11241100x8000000000000000333763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a221d02cebef199b2021-12-21 10:21:56.198root 11241100x8000000000000000333764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fade377ee054cbcd2021-12-21 10:21:56.198root 11241100x8000000000000000333765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd1da806230f0af2021-12-21 10:21:56.198root 11241100x8000000000000000333766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4e413a79fae45a2021-12-21 10:21:56.198root 11241100x8000000000000000333767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f2448e5a49daba2021-12-21 10:21:56.198root 11241100x8000000000000000333768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f631aff07734672d2021-12-21 10:21:56.198root 11241100x8000000000000000333769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c79032c67a4d9a2021-12-21 10:21:56.198root 11241100x8000000000000000333770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5042522e2b4e872021-12-21 10:21:56.199root 11241100x8000000000000000333771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944a152ec41bb69c2021-12-21 10:21:56.199root 11241100x8000000000000000333772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fc8346cb3e7ccc2021-12-21 10:21:56.199root 11241100x8000000000000000333773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156caec7fa331c7b2021-12-21 10:21:56.199root 11241100x8000000000000000333774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6916a24ff7b4e82021-12-21 10:21:56.199root 11241100x8000000000000000333775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8cc00ab613c0642021-12-21 10:21:56.199root 11241100x8000000000000000333776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312ecc0fd7fc00f72021-12-21 10:21:56.199root 11241100x8000000000000000333777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21024cf4a42f2a02021-12-21 10:21:56.693root 11241100x8000000000000000333778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddef635feb17ed2a2021-12-21 10:21:56.693root 11241100x8000000000000000333779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c773e52571a6962021-12-21 10:21:56.693root 11241100x8000000000000000333780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844bc738c86457c32021-12-21 10:21:56.693root 11241100x8000000000000000333781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4961592af08bb5b2021-12-21 10:21:56.693root 11241100x8000000000000000333782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea153b27ec88d4d52021-12-21 10:21:56.694root 11241100x8000000000000000333783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e619623089a12f22021-12-21 10:21:56.694root 11241100x8000000000000000333784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d73a8bb3aef552e2021-12-21 10:21:56.694root 11241100x8000000000000000333785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7526c382afbadb92021-12-21 10:21:56.694root 11241100x8000000000000000333786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbbaca2b319cbf32021-12-21 10:21:56.694root 11241100x8000000000000000333787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c199f757450293e62021-12-21 10:21:56.694root 11241100x8000000000000000333788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1538224f5ece53732021-12-21 10:21:56.694root 11241100x8000000000000000333789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936340061918eb0e2021-12-21 10:21:56.694root 11241100x8000000000000000333790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8557ba7767472f182021-12-21 10:21:56.694root 11241100x8000000000000000333791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3f1cbabe4a512c2021-12-21 10:21:56.694root 11241100x8000000000000000333792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4a9f883f0526152021-12-21 10:21:56.694root 11241100x8000000000000000333793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f515bfe56e525be02021-12-21 10:21:56.695root 11241100x8000000000000000333794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8322d02c32181bd2021-12-21 10:21:56.695root 11241100x8000000000000000333795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a89c808add275302021-12-21 10:21:56.695root 11241100x8000000000000000333796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e006960768b43b72021-12-21 10:21:56.695root 11241100x8000000000000000333797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aed95d39f90a6112021-12-21 10:21:56.695root 11241100x8000000000000000333798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a2c3673c656a5d2021-12-21 10:21:56.695root 11241100x8000000000000000333799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5f9a1873c4da082021-12-21 10:21:56.695root 11241100x8000000000000000333800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2912e63d49f0242021-12-21 10:21:56.695root 11241100x8000000000000000333801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c96eb014ebba122021-12-21 10:21:56.695root 11241100x8000000000000000333802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf921ac4b8c36f32021-12-21 10:21:56.696root 11241100x8000000000000000333803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63471b3c428229d82021-12-21 10:21:56.696root 11241100x8000000000000000333804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d86040d73a74d462021-12-21 10:21:56.696root 11241100x8000000000000000333805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27585368c63276f02021-12-21 10:21:56.696root 11241100x8000000000000000333806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c207bfe2a41ad73b2021-12-21 10:21:56.696root 11241100x8000000000000000333807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070cde09070b13a52021-12-21 10:21:56.696root 11241100x8000000000000000333808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c008995881d0772021-12-21 10:21:56.696root 11241100x8000000000000000333809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05f840633201c342021-12-21 10:21:56.696root 11241100x8000000000000000333810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df02807730208732021-12-21 10:21:56.696root 11241100x8000000000000000333811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da2c85377965e252021-12-21 10:21:56.696root 11241100x8000000000000000333812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cab1ff6a09a8f02021-12-21 10:21:57.193root 11241100x8000000000000000333813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c89a75ecd5ad1e92021-12-21 10:21:57.193root 11241100x8000000000000000333814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d0a0431aaeca9a2021-12-21 10:21:57.193root 11241100x8000000000000000333815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e92d020e598945b2021-12-21 10:21:57.193root 11241100x8000000000000000333816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f0e60d21b64aaf2021-12-21 10:21:57.194root 11241100x8000000000000000333817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53415d3b996fcb82021-12-21 10:21:57.194root 11241100x8000000000000000333818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843020460ca4f3d22021-12-21 10:21:57.194root 11241100x8000000000000000333819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a426e426894a0b842021-12-21 10:21:57.194root 11241100x8000000000000000333820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702c8eab4220efe72021-12-21 10:21:57.194root 11241100x8000000000000000333821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bcca03aac7ff9e2021-12-21 10:21:57.194root 11241100x8000000000000000333822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e816ba29cac4e4f72021-12-21 10:21:57.194root 11241100x8000000000000000333823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f076d0c0b369851d2021-12-21 10:21:57.194root 11241100x8000000000000000333824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b74fe77919b876a2021-12-21 10:21:57.194root 11241100x8000000000000000333825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3bfd6b407e8d352021-12-21 10:21:57.195root 11241100x8000000000000000333826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ef673c4a65a6332021-12-21 10:21:57.195root 11241100x8000000000000000333827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d743111a9b8b2f2021-12-21 10:21:57.195root 11241100x8000000000000000333828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28355333d40567f2021-12-21 10:21:57.195root 11241100x8000000000000000333829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5548cdc91bbbe1122021-12-21 10:21:57.195root 11241100x8000000000000000333830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3024271be59da5982021-12-21 10:21:57.195root 11241100x8000000000000000333831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783352ef4783fd862021-12-21 10:21:57.195root 11241100x8000000000000000333832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f39ef0ce71b527c2021-12-21 10:21:57.195root 11241100x8000000000000000333833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf363f4963e696732021-12-21 10:21:57.195root 11241100x8000000000000000333834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbafc050b76a7012021-12-21 10:21:57.195root 11241100x8000000000000000333835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcae0a467c08b8e2021-12-21 10:21:57.196root 11241100x8000000000000000333836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a608ade88a3d9c862021-12-21 10:21:57.196root 11241100x8000000000000000333837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab68a4e50fd039f2021-12-21 10:21:57.196root 11241100x8000000000000000333838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd9e252c2580da72021-12-21 10:21:57.196root 11241100x8000000000000000333839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de024a3e76ec2cd52021-12-21 10:21:57.196root 11241100x8000000000000000333840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb5e412ad6605282021-12-21 10:21:57.196root 11241100x8000000000000000333841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d97564b08ae432f2021-12-21 10:21:57.196root 11241100x8000000000000000333842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc7384907bc634e2021-12-21 10:21:57.196root 11241100x8000000000000000333843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9edf834fbe216212021-12-21 10:21:57.196root 11241100x8000000000000000333844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad9592efcf0a02f2021-12-21 10:21:57.197root 11241100x8000000000000000333845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd381af38777bed2021-12-21 10:21:57.197root 11241100x8000000000000000333846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b40403a11de47222021-12-21 10:21:57.197root 11241100x8000000000000000333847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128d75b0b79747042021-12-21 10:21:57.197root 11241100x8000000000000000333848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456a518c2426f8922021-12-21 10:21:57.197root 11241100x8000000000000000333849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b4c24f4ae703632021-12-21 10:21:57.197root 11241100x8000000000000000333850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef258e3b87272322021-12-21 10:21:57.197root 11241100x8000000000000000333851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a13084ac2ed29d92021-12-21 10:21:57.197root 11241100x8000000000000000333852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b9c63d6076d30c2021-12-21 10:21:57.197root 11241100x8000000000000000333853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51553961712a225a2021-12-21 10:21:57.693root 11241100x8000000000000000333854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11ed6d715c660702021-12-21 10:21:57.693root 11241100x8000000000000000333855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b71d4d5073a4602021-12-21 10:21:57.694root 11241100x8000000000000000333856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02aa4f646ea2d8b2021-12-21 10:21:57.694root 11241100x8000000000000000333857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619d5ebfb338857d2021-12-21 10:21:57.694root 11241100x8000000000000000333858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4415a6e23089a7a32021-12-21 10:21:57.694root 11241100x8000000000000000333859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea3f93f4e8c30032021-12-21 10:21:57.694root 11241100x8000000000000000333860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdabf73db4241eb22021-12-21 10:21:57.695root 11241100x8000000000000000333861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ae59a0a3211aa22021-12-21 10:21:57.695root 11241100x8000000000000000333862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626f077d576f884a2021-12-21 10:21:57.695root 11241100x8000000000000000333863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc258bbf280f94b62021-12-21 10:21:57.695root 11241100x8000000000000000333864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387f873ecb87d01e2021-12-21 10:21:57.695root 11241100x8000000000000000333865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7d45541ee62bda2021-12-21 10:21:57.695root 11241100x8000000000000000333866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e1aef98df46eda2021-12-21 10:21:57.695root 11241100x8000000000000000333867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c033a1e7238ab3ab2021-12-21 10:21:57.696root 11241100x8000000000000000333868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c01020f3d407db2021-12-21 10:21:57.696root 11241100x8000000000000000333869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32614194791f2f92021-12-21 10:21:57.696root 11241100x8000000000000000333870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc32ed046f5786f82021-12-21 10:21:57.696root 11241100x8000000000000000333871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab971a47a4646fc2021-12-21 10:21:57.696root 11241100x8000000000000000333872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165f86d66c8ace962021-12-21 10:21:57.696root 11241100x8000000000000000333873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e50c29c0679915a2021-12-21 10:21:57.696root 11241100x8000000000000000333874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0ed15d1658c5022021-12-21 10:21:57.696root 11241100x8000000000000000333875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e63ab438fe81dce2021-12-21 10:21:57.696root 11241100x8000000000000000333876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b123dcb7260ddab12021-12-21 10:21:57.697root 11241100x8000000000000000333877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765ef712701e17622021-12-21 10:21:57.697root 11241100x8000000000000000333878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f476e8a0c9718a882021-12-21 10:21:57.697root 11241100x8000000000000000333879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9150cf20f771f572021-12-21 10:21:57.697root 11241100x8000000000000000333880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a00d0a6eb681922021-12-21 10:21:57.697root 11241100x8000000000000000333881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72c56d528edf4f42021-12-21 10:21:57.697root 11241100x8000000000000000333882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad98bf6583b37e6f2021-12-21 10:21:57.697root 11241100x8000000000000000333883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347a9dc7da43fd122021-12-21 10:21:57.697root 11241100x8000000000000000333884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3095ee2bd0723e2021-12-21 10:21:57.697root 11241100x8000000000000000333885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df51b14ea4dc56e2021-12-21 10:21:57.697root 11241100x8000000000000000333886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61db362176d43eeb2021-12-21 10:21:57.697root 11241100x8000000000000000333887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc96efb3bb501562021-12-21 10:21:57.697root 11241100x8000000000000000333888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71658ce50f582002021-12-21 10:21:57.697root 11241100x8000000000000000333889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0824aff2ce2f632021-12-21 10:21:57.697root 11241100x8000000000000000333890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0144bca703d7e2302021-12-21 10:21:57.698root 11241100x8000000000000000333891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc10fa29b3ef8f22021-12-21 10:21:57.698root 11241100x8000000000000000333892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d748356095b450ff2021-12-21 10:21:57.698root 11241100x8000000000000000333893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931487858e1805262021-12-21 10:21:57.698root 11241100x8000000000000000333894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc9f010fe5be1d32021-12-21 10:21:57.698root 11241100x8000000000000000333895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811dd9d7dbe7058b2021-12-21 10:21:57.698root 11241100x8000000000000000333896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933344acb3cb58812021-12-21 10:21:57.698root 11241100x8000000000000000333897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feca54b6d9ee63842021-12-21 10:21:57.698root 11241100x8000000000000000333898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436e9f866e992fbe2021-12-21 10:21:57.698root 11241100x8000000000000000333899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a896875669027d2021-12-21 10:21:57.698root 11241100x8000000000000000333900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862353df6a5036062021-12-21 10:21:57.698root 11241100x8000000000000000333901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b731754af0356f2021-12-21 10:21:57.698root 11241100x8000000000000000333902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc9abe2f7e7b50b2021-12-21 10:21:58.193root 11241100x8000000000000000333903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab1521ee47d7f0c2021-12-21 10:21:58.193root 11241100x8000000000000000333904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f0ea97115b3e612021-12-21 10:21:58.193root 11241100x8000000000000000333905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d0f6f46e7b808e2021-12-21 10:21:58.193root 11241100x8000000000000000333906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b226bacf9b2d395c2021-12-21 10:21:58.194root 11241100x8000000000000000333907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a7e199136d5c7b2021-12-21 10:21:58.194root 11241100x8000000000000000333908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2d61954a931f2a2021-12-21 10:21:58.194root 11241100x8000000000000000333909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc179e6891f52c592021-12-21 10:21:58.194root 11241100x8000000000000000333910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a891f637ae7d262021-12-21 10:21:58.194root 11241100x8000000000000000333911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1604b8941b64c0092021-12-21 10:21:58.194root 11241100x8000000000000000333912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7f40a6959346d22021-12-21 10:21:58.194root 11241100x8000000000000000333913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1c5c327d61ba8c2021-12-21 10:21:58.195root 11241100x8000000000000000333914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46bb477255735342021-12-21 10:21:58.195root 11241100x8000000000000000333915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4fc56d03538a232021-12-21 10:21:58.195root 11241100x8000000000000000333916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3670ccbdc5f0eb52021-12-21 10:21:58.195root 11241100x8000000000000000333917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a3ff1134e1e3422021-12-21 10:21:58.195root 11241100x8000000000000000333918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5115191ce4134722021-12-21 10:21:58.195root 11241100x8000000000000000333919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5a4d66b3494d2e2021-12-21 10:21:58.195root 11241100x8000000000000000333920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16133f03640027d2021-12-21 10:21:58.196root 11241100x8000000000000000333921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5f19104b060fef2021-12-21 10:21:58.196root 11241100x8000000000000000333922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4035138af58ad032021-12-21 10:21:58.196root 11241100x8000000000000000333923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458e0ee06fd6131a2021-12-21 10:21:58.196root 11241100x8000000000000000333924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1b1b75c254213e2021-12-21 10:21:58.196root 11241100x8000000000000000333925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4e8538bcc309e12021-12-21 10:21:58.196root 11241100x8000000000000000333926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25edc984a4c57002021-12-21 10:21:58.196root 11241100x8000000000000000333927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42f1dd7921258902021-12-21 10:21:58.196root 11241100x8000000000000000333928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cba38e1cc76a392021-12-21 10:21:58.196root 11241100x8000000000000000333929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d785f0c708af13222021-12-21 10:21:58.196root 11241100x8000000000000000333930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5836e508fb6b5e742021-12-21 10:21:58.196root 11241100x8000000000000000333931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989756d38ba776982021-12-21 10:21:58.197root 11241100x8000000000000000333932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0143df6ce8efa5a72021-12-21 10:21:58.197root 11241100x8000000000000000333933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c66a4cc63560ec2021-12-21 10:21:58.197root 11241100x8000000000000000333934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6de98ce918544db2021-12-21 10:21:58.197root 11241100x8000000000000000333935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d61ee8d9232ec912021-12-21 10:21:58.197root 11241100x8000000000000000333936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd7f1a0402ca12a2021-12-21 10:21:58.197root 11241100x8000000000000000333937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8951d46ad7551b8c2021-12-21 10:21:58.693root 11241100x8000000000000000333938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f056d05e23c0a72021-12-21 10:21:58.693root 11241100x8000000000000000333939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa928083585277ac2021-12-21 10:21:58.694root 11241100x8000000000000000333940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8dd6d488fc7c6b2021-12-21 10:21:58.694root 11241100x8000000000000000333941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e8f9fe2f2332dd2021-12-21 10:21:58.694root 11241100x8000000000000000333942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788faec1fcc26fa42021-12-21 10:21:58.694root 11241100x8000000000000000333943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5562ca07fa8b98542021-12-21 10:21:58.694root 11241100x8000000000000000333944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0053f97e1a6a27872021-12-21 10:21:58.694root 11241100x8000000000000000333945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb13ba666e7ac212021-12-21 10:21:58.694root 11241100x8000000000000000333946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65674e700a3859ac2021-12-21 10:21:58.694root 11241100x8000000000000000333947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ae1823d23bbef42021-12-21 10:21:58.694root 11241100x8000000000000000333948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5875b27a869b092021-12-21 10:21:58.695root 11241100x8000000000000000333949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500cb74941272ff72021-12-21 10:21:58.695root 11241100x8000000000000000333950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3415d76e94e35ed42021-12-21 10:21:58.695root 11241100x8000000000000000333951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4c0d150f2072e42021-12-21 10:21:58.695root 11241100x8000000000000000333952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe335f92f343d0d2021-12-21 10:21:58.696root 11241100x8000000000000000333953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc637e04d93ff2f2021-12-21 10:21:58.696root 11241100x8000000000000000333954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e696900ebabd5cf2021-12-21 10:21:58.696root 11241100x8000000000000000333955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b2bd0e7150bd742021-12-21 10:21:58.696root 11241100x8000000000000000333956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35624663509328422021-12-21 10:21:58.697root 11241100x8000000000000000333957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c474c845146d6302021-12-21 10:21:58.697root 11241100x8000000000000000333958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd9d5ece2ad99d92021-12-21 10:21:58.697root 11241100x8000000000000000333959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82c11dfe172f29a2021-12-21 10:21:58.697root 11241100x8000000000000000333960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9235b8ff55e736b22021-12-21 10:21:58.697root 11241100x8000000000000000333961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8addadf48d84be7c2021-12-21 10:21:58.697root 11241100x8000000000000000333962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ecd67a9f806bb82021-12-21 10:21:58.697root 11241100x8000000000000000333963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ca75382faab6ce2021-12-21 10:21:58.697root 11241100x8000000000000000333964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9beba53f105ffd0c2021-12-21 10:21:58.700root 11241100x8000000000000000333965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e886d6baef7cf25e2021-12-21 10:21:58.700root 11241100x8000000000000000333966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015beeb32771f0122021-12-21 10:21:58.700root 11241100x8000000000000000333967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3fd80e0f7ca2232021-12-21 10:21:58.700root 11241100x8000000000000000333968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f04071e72b94cad2021-12-21 10:21:58.700root 11241100x8000000000000000333969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28700cc92d6efd112021-12-21 10:21:58.700root 11241100x8000000000000000333970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b053f26352bd532021-12-21 10:21:58.701root 11241100x8000000000000000333971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b8bb2bd181c3032021-12-21 10:21:58.701root 11241100x8000000000000000333972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07b1e38266e071f2021-12-21 10:21:59.193root 11241100x8000000000000000333973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4317a71b1c8ec72021-12-21 10:21:59.194root 11241100x8000000000000000333974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de4436ae5fb2dff2021-12-21 10:21:59.194root 11241100x8000000000000000333975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40607c23411ea6602021-12-21 10:21:59.194root 11241100x8000000000000000333976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9bad319200e8162021-12-21 10:21:59.195root 11241100x8000000000000000333977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d998e6edd324c32021-12-21 10:21:59.195root 11241100x8000000000000000333978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d13071fe8ce4392021-12-21 10:21:59.195root 11241100x8000000000000000333979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6df5ef596889eb2021-12-21 10:21:59.195root 11241100x8000000000000000333980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a113eab0f29bd3b2021-12-21 10:21:59.195root 11241100x8000000000000000333981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d8e64543940e182021-12-21 10:21:59.195root 11241100x8000000000000000333982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1c322da8abf9382021-12-21 10:21:59.195root 11241100x8000000000000000333983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1b8ffd63aae7342021-12-21 10:21:59.195root 11241100x8000000000000000333984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682ecf56d5678ece2021-12-21 10:21:59.196root 11241100x8000000000000000333985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f234392ca6a48aa2021-12-21 10:21:59.196root 11241100x8000000000000000333986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7794c8b989aba582021-12-21 10:21:59.196root 11241100x8000000000000000333987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2b40726fe8c8dd2021-12-21 10:21:59.196root 11241100x8000000000000000333988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a469661ccb0322ca2021-12-21 10:21:59.196root 11241100x8000000000000000333989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dae45a795a29a8e2021-12-21 10:21:59.196root 11241100x8000000000000000333990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae01d3001860fa92021-12-21 10:21:59.196root 11241100x8000000000000000333991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4379ef054c2fdf982021-12-21 10:21:59.196root 11241100x8000000000000000333992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ce4fc23860f10d2021-12-21 10:21:59.197root 11241100x8000000000000000333993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f88d60773d63cb2021-12-21 10:21:59.197root 11241100x8000000000000000333994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b4d6083174874d2021-12-21 10:21:59.197root 11241100x8000000000000000333995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e4ba50de7633da2021-12-21 10:21:59.197root 11241100x8000000000000000333996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069901399689d0122021-12-21 10:21:59.197root 11241100x8000000000000000333997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f280de77e8dcc82021-12-21 10:21:59.197root 11241100x8000000000000000333998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7d789713989ca42021-12-21 10:21:59.197root 11241100x8000000000000000333999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7539b6ac4ac321d2021-12-21 10:21:59.197root 11241100x8000000000000000334000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc1b3fb59bd5c5c2021-12-21 10:21:59.197root 11241100x8000000000000000334001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b3c39f17ec31c62021-12-21 10:21:59.198root 11241100x8000000000000000334002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d3b59b8584249a2021-12-21 10:21:59.198root 11241100x8000000000000000334003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33116a2e426085022021-12-21 10:21:59.198root 11241100x8000000000000000334004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15968e45cefaac72021-12-21 10:21:59.198root 11241100x8000000000000000334005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c512ec0118add38d2021-12-21 10:21:59.198root 11241100x8000000000000000334006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc6bf71a197e48c2021-12-21 10:21:59.198root 11241100x8000000000000000334007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320eb0a401bc987f2021-12-21 10:21:59.198root 11241100x8000000000000000334008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f236c21c0d951b52021-12-21 10:21:59.693root 11241100x8000000000000000334009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d6091f5f56230c2021-12-21 10:21:59.693root 11241100x8000000000000000334010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f052a53e4859b322021-12-21 10:21:59.693root 11241100x8000000000000000334011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a596b6b093734aa22021-12-21 10:21:59.694root 11241100x8000000000000000334012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cbe5f2d6335a4e2021-12-21 10:21:59.694root 11241100x8000000000000000334013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5492c8e44f18b872021-12-21 10:21:59.694root 11241100x8000000000000000334014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ea47df3136f8152021-12-21 10:21:59.694root 11241100x8000000000000000334015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b292804eb8a03782021-12-21 10:21:59.695root 11241100x8000000000000000334016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bda104da5b050782021-12-21 10:21:59.695root 11241100x8000000000000000334017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0b3596d0163e772021-12-21 10:21:59.695root 11241100x8000000000000000334018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541d65540b9537e12021-12-21 10:21:59.696root 11241100x8000000000000000334019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa981ab0b3260ce62021-12-21 10:21:59.696root 11241100x8000000000000000334020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a2559f851a03952021-12-21 10:21:59.696root 11241100x8000000000000000334021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b9eb2556e1a0022021-12-21 10:21:59.696root 11241100x8000000000000000334022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12203d7c21a39d652021-12-21 10:21:59.697root 11241100x8000000000000000334023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51cfd321ff7621f2021-12-21 10:21:59.697root 11241100x8000000000000000334024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfc41c9089151ff2021-12-21 10:21:59.697root 11241100x8000000000000000334025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a75e964d3593b72021-12-21 10:21:59.697root 11241100x8000000000000000334026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b22c64954ba2162021-12-21 10:21:59.697root 11241100x8000000000000000334027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712ff9fbb914b5d52021-12-21 10:21:59.697root 11241100x8000000000000000334028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c36f14405cd94b2021-12-21 10:21:59.698root 11241100x8000000000000000334029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c130cc77744507d2021-12-21 10:21:59.698root 11241100x8000000000000000334030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e516310460a8152021-12-21 10:21:59.698root 11241100x8000000000000000334031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8003155b565435b22021-12-21 10:21:59.698root 11241100x8000000000000000334032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8ce2a136796d8b2021-12-21 10:21:59.698root 11241100x8000000000000000334033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffff1f698e7f43ed2021-12-21 10:21:59.698root 11241100x8000000000000000334034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefbe84ec613fbac2021-12-21 10:21:59.698root 11241100x8000000000000000334035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99946cb6f57812932021-12-21 10:21:59.698root 11241100x8000000000000000334036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c28eedeb62ae352021-12-21 10:21:59.699root 11241100x8000000000000000334037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02464d691d18d5462021-12-21 10:21:59.699root 11241100x8000000000000000334038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc08d86348a9aa012021-12-21 10:21:59.699root 11241100x8000000000000000334039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7811c9cb211c5c32021-12-21 10:21:59.699root 11241100x8000000000000000334040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbb956a27f02df72021-12-21 10:21:59.699root 11241100x8000000000000000334041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f2afa6d4b079fc2021-12-21 10:21:59.699root 11241100x8000000000000000334042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f947f41698bf802021-12-21 10:21:59.699root 11241100x8000000000000000334043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cf6805e88d585e2021-12-21 10:21:59.699root 11241100x8000000000000000334044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c275ac7aac39b02f2021-12-21 10:21:59.700root 11241100x8000000000000000334045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc09a5cd36c964a2021-12-21 10:21:59.700root 354300x8000000000000000334046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.079{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-46994-false10.0.1.12-8000- 11241100x8000000000000000334047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f77e652e5b370082021-12-21 10:22:00.080root 11241100x8000000000000000334048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6eb0ba19984a752021-12-21 10:22:00.080root 11241100x8000000000000000334049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358aa5fdde69c0d02021-12-21 10:22:00.080root 11241100x8000000000000000334050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c8ab342ef691742021-12-21 10:22:00.080root 11241100x8000000000000000334051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67efe982e09ffda82021-12-21 10:22:00.080root 11241100x8000000000000000334052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc3d4b8e6d3a6c92021-12-21 10:22:00.080root 11241100x8000000000000000334053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202f6c9590fe16c82021-12-21 10:22:00.080root 11241100x8000000000000000334054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9628974d45b586f2021-12-21 10:22:00.081root 11241100x8000000000000000334055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635137423efecf1f2021-12-21 10:22:00.081root 11241100x8000000000000000334056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb0ca5f1228d6ac2021-12-21 10:22:00.081root 11241100x8000000000000000334057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754a0d7df2d50e5d2021-12-21 10:22:00.081root 11241100x8000000000000000334058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3daa0e33751daa5d2021-12-21 10:22:00.081root 11241100x8000000000000000334059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18c3df6b471a61d2021-12-21 10:22:00.081root 11241100x8000000000000000334060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc781b9ddfc8752f2021-12-21 10:22:00.081root 11241100x8000000000000000334061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec16ef4daab395e12021-12-21 10:22:00.081root 11241100x8000000000000000334062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf8da73446980f42021-12-21 10:22:00.082root 11241100x8000000000000000334063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701b829a67f66b5d2021-12-21 10:22:00.082root 11241100x8000000000000000334064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45da942eb021e8512021-12-21 10:22:00.082root 11241100x8000000000000000334065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57652987d48d5eb82021-12-21 10:22:00.082root 11241100x8000000000000000334066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626c7b00799e3e5c2021-12-21 10:22:00.082root 11241100x8000000000000000334067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeba7b7a983c34b32021-12-21 10:22:00.082root 11241100x8000000000000000334068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3f1445e70d16942021-12-21 10:22:00.082root 11241100x8000000000000000334069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d43e8f61f1b11202021-12-21 10:22:00.082root 11241100x8000000000000000334070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c83d32b8529b852021-12-21 10:22:00.083root 11241100x8000000000000000334071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1050976cdb84fd2021-12-21 10:22:00.083root 11241100x8000000000000000334072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390e5436be50708b2021-12-21 10:22:00.083root 11241100x8000000000000000334073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c549603ccab9ca6e2021-12-21 10:22:00.083root 11241100x8000000000000000334074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a42a00dec75e7a2021-12-21 10:22:00.083root 11241100x8000000000000000334075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2bcf75d2608c812021-12-21 10:22:00.084root 11241100x8000000000000000334076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca24d57ad5df3e042021-12-21 10:22:00.084root 11241100x8000000000000000334077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8ffd56678bf8662021-12-21 10:22:00.084root 11241100x8000000000000000334078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac4f88a682eddda2021-12-21 10:22:00.084root 11241100x8000000000000000334079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de81a4fea07fb132021-12-21 10:22:00.084root 11241100x8000000000000000334080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958d1eb46f8106d52021-12-21 10:22:00.084root 11241100x8000000000000000334081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a3c358c22ad1212021-12-21 10:22:00.084root 11241100x8000000000000000334082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072e1b666468934c2021-12-21 10:22:00.084root 11241100x8000000000000000334083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecac241e4aa72f792021-12-21 10:22:00.084root 11241100x8000000000000000334084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0720c345f5dc3c2021-12-21 10:22:00.084root 11241100x8000000000000000334085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8933bbac347724662021-12-21 10:22:00.085root 11241100x8000000000000000334086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c779efb3e9381ed42021-12-21 10:22:00.085root 11241100x8000000000000000334087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9022ec3d265057ba2021-12-21 10:22:00.085root 11241100x8000000000000000334088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecb5fdcb73415c12021-12-21 10:22:00.085root 11241100x8000000000000000334089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4886855434cb4442021-12-21 10:22:00.085root 11241100x8000000000000000334090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9bd9f172cab7822021-12-21 10:22:00.085root 11241100x8000000000000000334091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864e884b1986e7942021-12-21 10:22:00.085root 11241100x8000000000000000334092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1629397ae54f7fc92021-12-21 10:22:00.085root 11241100x8000000000000000334093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8dfbb2592aeeea92021-12-21 10:22:00.086root 11241100x8000000000000000334094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c56df5b7aaf31a62021-12-21 10:22:00.086root 11241100x8000000000000000334095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75169e9a1d7c7462021-12-21 10:22:00.086root 11241100x8000000000000000334096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9343b6268cd2d0162021-12-21 10:22:00.086root 11241100x8000000000000000334097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f54fdfda5eb43a2021-12-21 10:22:00.086root 11241100x8000000000000000334098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b69c6178e311e92021-12-21 10:22:00.086root 11241100x8000000000000000334099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92a4d0e4dee46612021-12-21 10:22:00.086root 11241100x8000000000000000334100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8221e685112128a2021-12-21 10:22:00.087root 11241100x8000000000000000334101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4cba02a169712d2021-12-21 10:22:00.087root 11241100x8000000000000000334102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8b260d37e26f8c2021-12-21 10:22:00.087root 11241100x8000000000000000334103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea310ab144fd3672021-12-21 10:22:00.087root 11241100x8000000000000000334104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854df210e77a4a5e2021-12-21 10:22:00.087root 11241100x8000000000000000334105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21811990576c312b2021-12-21 10:22:00.087root 11241100x8000000000000000334106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e552067294efe2df2021-12-21 10:22:00.087root 11241100x8000000000000000334107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26534cd8d02fcb802021-12-21 10:22:00.087root 11241100x8000000000000000334108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92ed92f4afb3b2c2021-12-21 10:22:00.087root 11241100x8000000000000000334109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264a0ce782104ef32021-12-21 10:22:00.087root 11241100x8000000000000000334110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101e5fb507b11def2021-12-21 10:22:00.087root 11241100x8000000000000000334111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1687905768b83372021-12-21 10:22:00.088root 11241100x8000000000000000334112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d366b9071b26802021-12-21 10:22:00.088root 11241100x8000000000000000334113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e67df854599386e2021-12-21 10:22:00.088root 11241100x8000000000000000334114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8de9c344a33ba22021-12-21 10:22:00.088root 11241100x8000000000000000334115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f658da8aa957aa62021-12-21 10:22:00.088root 11241100x8000000000000000334116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae7feb7406fd3b12021-12-21 10:22:00.088root 11241100x8000000000000000334117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bdd34a1d3cdd902021-12-21 10:22:00.088root 11241100x8000000000000000334118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fa0ce1040f73772021-12-21 10:22:00.089root 11241100x8000000000000000334119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3273a7d1f9045eea2021-12-21 10:22:00.089root 11241100x8000000000000000334120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0047996e78a5e0ef2021-12-21 10:22:00.089root 11241100x8000000000000000334121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7ee6ceb6cbca402021-12-21 10:22:00.443root 11241100x8000000000000000334122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323ebfef3d67f39a2021-12-21 10:22:00.443root 11241100x8000000000000000334123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdbf0ccd6be19172021-12-21 10:22:00.443root 11241100x8000000000000000334124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d4c9ac226c83ff2021-12-21 10:22:00.443root 11241100x8000000000000000334125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e862e7a42977ec2021-12-21 10:22:00.443root 11241100x8000000000000000334126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecb5d0cf85adf632021-12-21 10:22:00.443root 11241100x8000000000000000334127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8eb56d496ec11492021-12-21 10:22:00.443root 11241100x8000000000000000334128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d69b1fe41f114e2021-12-21 10:22:00.443root 11241100x8000000000000000334129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbf00563808a12c2021-12-21 10:22:00.444root 11241100x8000000000000000334130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85af9a0e62f50142021-12-21 10:22:00.444root 11241100x8000000000000000334131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bef554e614c5bf2021-12-21 10:22:00.445root 11241100x8000000000000000334132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69df0b06a6e1fcd62021-12-21 10:22:00.445root 11241100x8000000000000000334133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b342627ef4c7c712021-12-21 10:22:00.445root 11241100x8000000000000000334134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d071318ebb1476e72021-12-21 10:22:00.446root 11241100x8000000000000000334135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388354251223c5142021-12-21 10:22:00.446root 11241100x8000000000000000334136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c607557b85ea6832021-12-21 10:22:00.446root 11241100x8000000000000000334137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5a8027c95b56722021-12-21 10:22:00.446root 11241100x8000000000000000334138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b479f21ee34d73c12021-12-21 10:22:00.447root 11241100x8000000000000000334139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e0b7d7b822a6c12021-12-21 10:22:00.447root 11241100x8000000000000000334140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc0bc41cb87f0be2021-12-21 10:22:00.447root 11241100x8000000000000000334141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134986f6e54d8c8b2021-12-21 10:22:00.447root 11241100x8000000000000000334142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4fa61bea7309932021-12-21 10:22:00.447root 11241100x8000000000000000334143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fa2c37c93b5d222021-12-21 10:22:00.448root 11241100x8000000000000000334144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db49a9f7945a43702021-12-21 10:22:00.448root 11241100x8000000000000000334145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7517b66735fd6ed2021-12-21 10:22:00.448root 11241100x8000000000000000334146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d48971555fff8f2021-12-21 10:22:00.448root 11241100x8000000000000000334147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4eec25c9d6c5e42021-12-21 10:22:00.448root 11241100x8000000000000000334148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43a48df875f32d32021-12-21 10:22:00.449root 11241100x8000000000000000334149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fd8a43bca56f132021-12-21 10:22:00.449root 11241100x8000000000000000334150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904415d900c068d82021-12-21 10:22:00.449root 11241100x8000000000000000334151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b23b67658810702021-12-21 10:22:00.449root 11241100x8000000000000000334152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd51745b33513b02021-12-21 10:22:00.449root 11241100x8000000000000000334153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa5b0b2e41cd51f2021-12-21 10:22:00.450root 11241100x8000000000000000334154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b267628a7f3219a2021-12-21 10:22:00.450root 11241100x8000000000000000334155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa5654e0d0965dc2021-12-21 10:22:00.450root 11241100x8000000000000000334156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e97827324a21652021-12-21 10:22:00.450root 11241100x8000000000000000334157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb41b475326ff8a2021-12-21 10:22:00.451root 11241100x8000000000000000334158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c30709b317708aa2021-12-21 10:22:00.451root 11241100x8000000000000000334159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945aec5c89c781a92021-12-21 10:22:00.451root 11241100x8000000000000000334160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474b7308d251828e2021-12-21 10:22:00.451root 11241100x8000000000000000334161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaff8fed97caec2b2021-12-21 10:22:00.451root 11241100x8000000000000000334162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9a255f003b62da2021-12-21 10:22:00.451root 11241100x8000000000000000334163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f51676ade7a2a922021-12-21 10:22:00.451root 11241100x8000000000000000334164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245804d899efd0ad2021-12-21 10:22:00.452root 11241100x8000000000000000334165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.698{ec2b6afe-aac8-61c1-e0f7-1f3839560000}5584/usr/sbin/sshd/proc/5584/oom_score_adj2021-12-21 10:22:00.698root 154100x8000000000000000334166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.698{ec2b6afe-aac8-61c1-e0a7-07c689550000}5584/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1173--- 11241100x8000000000000000334167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45353193cc20f6562021-12-21 10:22:00.699root 11241100x8000000000000000334168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9c2752f60149f12021-12-21 10:22:00.699root 11241100x8000000000000000334169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c41a9a328ed83ed2021-12-21 10:22:00.700root 11241100x8000000000000000334170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac45b72d793b5a92021-12-21 10:22:00.700root 11241100x8000000000000000334171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f42d0f62e5fb452021-12-21 10:22:00.700root 11241100x8000000000000000334172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c80128b6ed2f4c72021-12-21 10:22:00.700root 11241100x8000000000000000334173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f050f57b432f25262021-12-21 10:22:00.701root 11241100x8000000000000000334174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24368f98a70ed5572021-12-21 10:22:00.701root 11241100x8000000000000000334175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7835c2b5854b29b92021-12-21 10:22:00.701root 11241100x8000000000000000334176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43294487c23844d02021-12-21 10:22:00.702root 11241100x8000000000000000334177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e41d00475ad7ea42021-12-21 10:22:00.702root 11241100x8000000000000000334178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04600ff9011b65262021-12-21 10:22:00.703root 11241100x8000000000000000334179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0494c4e285a32e32021-12-21 10:22:00.703root 11241100x8000000000000000334180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fe910392c1c2da2021-12-21 10:22:00.704root 11241100x8000000000000000334181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cf8ed782b416822021-12-21 10:22:00.704root 11241100x8000000000000000334182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d428e3df604c848f2021-12-21 10:22:00.704root 11241100x8000000000000000334183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f79c83d4ee043222021-12-21 10:22:00.704root 11241100x8000000000000000334184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc5d06baeb1a6a22021-12-21 10:22:00.704root 11241100x8000000000000000334185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148a62cfe2e3a3232021-12-21 10:22:00.705root 11241100x8000000000000000334186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436caa514077c8e32021-12-21 10:22:00.705root 11241100x8000000000000000334187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbe05638d20664b2021-12-21 10:22:00.705root 11241100x8000000000000000334188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3311dcbe2666fa372021-12-21 10:22:00.705root 11241100x8000000000000000334189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee0edeecec389d12021-12-21 10:22:00.705root 11241100x8000000000000000334190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d50d7aa716375a2021-12-21 10:22:00.706root 11241100x8000000000000000334191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecdc0e7da95310c2021-12-21 10:22:00.706root 11241100x8000000000000000334192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fab4a3b94742a612021-12-21 10:22:00.706root 11241100x8000000000000000334193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92823a7827c1b5d2021-12-21 10:22:00.706root 11241100x8000000000000000334194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93caf4962bd2fc322021-12-21 10:22:00.706root 11241100x8000000000000000334195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fab0a5f1613dd52021-12-21 10:22:00.707root 11241100x8000000000000000334196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5fe6f1328456212021-12-21 10:22:00.707root 11241100x8000000000000000334197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37063a7aeddcf662021-12-21 10:22:00.707root 11241100x8000000000000000334198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5985897162d23ee2021-12-21 10:22:00.707root 11241100x8000000000000000334199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dea30c7c1f42ed92021-12-21 10:22:00.707root 11241100x8000000000000000334200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101669c10e90c1d32021-12-21 10:22:00.707root 11241100x8000000000000000334201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f9646b99519c972021-12-21 10:22:00.707root 11241100x8000000000000000334202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fa037a958b11192021-12-21 10:22:00.708root 11241100x8000000000000000334203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6002baaad63aab052021-12-21 10:22:00.708root 11241100x8000000000000000334204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc371b51dc347d92021-12-21 10:22:00.708root 11241100x8000000000000000334205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1f3d40bbaf17232021-12-21 10:22:00.708root 11241100x8000000000000000334206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c03cffaafcb7b982021-12-21 10:22:00.708root 11241100x8000000000000000334207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101f81709f4e45862021-12-21 10:22:00.708root 11241100x8000000000000000334208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46df958489d889b02021-12-21 10:22:00.708root 11241100x8000000000000000334209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fe901161cd929c2021-12-21 10:22:00.708root 11241100x8000000000000000334210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3c11f828a703482021-12-21 10:22:00.708root 11241100x8000000000000000334211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e421ac802e989b1a2021-12-21 10:22:00.709root 11241100x8000000000000000334212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db23edb17a8e22e82021-12-21 10:22:00.709root 11241100x8000000000000000334213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7588baae7036f8f2021-12-21 10:22:00.709root 11241100x8000000000000000334214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e04d69cad0db0cc2021-12-21 10:22:00.709root 11241100x8000000000000000334215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ece4c809c7f60a92021-12-21 10:22:00.709root 11241100x8000000000000000334216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4316e4e75c2784572021-12-21 10:22:01.193root 11241100x8000000000000000334217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60e0ec25c9bea192021-12-21 10:22:01.193root 11241100x8000000000000000334218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14346788b3db40742021-12-21 10:22:01.193root 11241100x8000000000000000334219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4ee31b52f5b9742021-12-21 10:22:01.193root 11241100x8000000000000000334220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f60c3df470eb2ae2021-12-21 10:22:01.194root 11241100x8000000000000000334221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25626ada69c284d52021-12-21 10:22:01.194root 11241100x8000000000000000334222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6cfbf2ae26845c2021-12-21 10:22:01.194root 11241100x8000000000000000334223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbb2a34ff943efe2021-12-21 10:22:01.194root 11241100x8000000000000000334224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f19c727e2de6322021-12-21 10:22:01.194root 11241100x8000000000000000334225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbabc1cb6b68a232021-12-21 10:22:01.194root 11241100x8000000000000000334226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee4c244a890adcb2021-12-21 10:22:01.194root 11241100x8000000000000000334227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21a7d524740eea72021-12-21 10:22:01.195root 11241100x8000000000000000334228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9c162d880231852021-12-21 10:22:01.195root 11241100x8000000000000000334229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f20a292018a98e12021-12-21 10:22:01.195root 11241100x8000000000000000334230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb0613f566f4eef2021-12-21 10:22:01.195root 11241100x8000000000000000334231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3c2669bd3b53b72021-12-21 10:22:01.195root 11241100x8000000000000000334232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff44834c28688b12021-12-21 10:22:01.195root 11241100x8000000000000000334233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d8f4a295bad6e72021-12-21 10:22:01.195root 11241100x8000000000000000334234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a912e62dc81b94442021-12-21 10:22:01.196root 11241100x8000000000000000334235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a857530d4dbf892b2021-12-21 10:22:01.196root 11241100x8000000000000000334236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54697f2d9218a4a2021-12-21 10:22:01.196root 11241100x8000000000000000334237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670473428910a8322021-12-21 10:22:01.196root 11241100x8000000000000000334238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731b153a74dcd6d52021-12-21 10:22:01.196root 11241100x8000000000000000334239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe646241451ff4032021-12-21 10:22:01.196root 11241100x8000000000000000334240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bac6b9abb7d0cb32021-12-21 10:22:01.196root 11241100x8000000000000000334241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327b6cd9e756f7fe2021-12-21 10:22:01.197root 11241100x8000000000000000334242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13f5670548eb42c2021-12-21 10:22:01.197root 11241100x8000000000000000334243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd80ebc5613b383d2021-12-21 10:22:01.197root 11241100x8000000000000000334244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9812ac57f9b3f3b2021-12-21 10:22:01.197root 11241100x8000000000000000334245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fa95b22c1e849f2021-12-21 10:22:01.197root 11241100x8000000000000000334246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71494daddbcc363d2021-12-21 10:22:01.197root 11241100x8000000000000000334247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81130411fa9244aa2021-12-21 10:22:01.198root 11241100x8000000000000000334248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cea6d058cab97a2021-12-21 10:22:01.198root 11241100x8000000000000000334249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5055d9800688b6732021-12-21 10:22:01.198root 11241100x8000000000000000334250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34413c2480e60e9e2021-12-21 10:22:01.198root 11241100x8000000000000000334251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38ef5fd1006a7152021-12-21 10:22:01.198root 11241100x8000000000000000334252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54c422b0c9fcbe12021-12-21 10:22:01.198root 11241100x8000000000000000334253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b4de3bfce120d42021-12-21 10:22:01.198root 11241100x8000000000000000334254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b480762fc2ad14f52021-12-21 10:22:01.199root 11241100x8000000000000000334255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e14152abe1e2fed2021-12-21 10:22:01.199root 11241100x8000000000000000334256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697521ed688d93942021-12-21 10:22:01.199root 11241100x8000000000000000334257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d765b392816db82021-12-21 10:22:01.199root 11241100x8000000000000000334258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487daf348a4fe79b2021-12-21 10:22:01.199root 11241100x8000000000000000334259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ecf13793757e2a2021-12-21 10:22:01.199root 11241100x8000000000000000334260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a04813f330d2782021-12-21 10:22:01.199root 11241100x8000000000000000334261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7100702715357642021-12-21 10:22:01.199root 11241100x8000000000000000334262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef753ad331f50e52021-12-21 10:22:01.200root 11241100x8000000000000000334263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbc29abe74496302021-12-21 10:22:01.200root 11241100x8000000000000000334264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df01f28bc1f199542021-12-21 10:22:01.200root 11241100x8000000000000000334265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d3c2e09e624cd82021-12-21 10:22:01.200root 11241100x8000000000000000334266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b024538cdaba38e2021-12-21 10:22:01.200root 11241100x8000000000000000334267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebb78a32752d42f2021-12-21 10:22:01.200root 11241100x8000000000000000334268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ffbc4c25cbf0a32021-12-21 10:22:01.200root 11241100x8000000000000000334269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5443a5de3fa4e4172021-12-21 10:22:01.200root 11241100x8000000000000000334270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d470c78c13817062021-12-21 10:22:01.200root 11241100x8000000000000000334271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248df5a07ab2d1ae2021-12-21 10:22:01.200root 11241100x8000000000000000334272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c3dac88dade82e2021-12-21 10:22:01.201root 11241100x8000000000000000334273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e4791a851bfee42021-12-21 10:22:01.693root 11241100x8000000000000000334274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72f21475453a13a2021-12-21 10:22:01.693root 11241100x8000000000000000334275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006acfa6ad84dbd02021-12-21 10:22:01.693root 11241100x8000000000000000334276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2537b81a30b65bd2021-12-21 10:22:01.693root 11241100x8000000000000000334277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca5e24d977288692021-12-21 10:22:01.693root 11241100x8000000000000000334278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250aa9dcce4314032021-12-21 10:22:01.693root 11241100x8000000000000000334279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffc48cb30d69e042021-12-21 10:22:01.693root 11241100x8000000000000000334280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0473499a87f938482021-12-21 10:22:01.693root 11241100x8000000000000000334281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a756ef074d6f0b2021-12-21 10:22:01.693root 11241100x8000000000000000334282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556507ca15b4dbe12021-12-21 10:22:01.693root 11241100x8000000000000000334283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882cae877b08ffd32021-12-21 10:22:01.693root 11241100x8000000000000000334284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d11e4e9b51a59112021-12-21 10:22:01.693root 11241100x8000000000000000334285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae67694412bb025c2021-12-21 10:22:01.694root 11241100x8000000000000000334286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0638019ff8714db72021-12-21 10:22:01.694root 11241100x8000000000000000334287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8225acea59e90c2021-12-21 10:22:01.694root 11241100x8000000000000000334288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16a1883645f53112021-12-21 10:22:01.694root 11241100x8000000000000000334289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b0a35cb74a10d52021-12-21 10:22:01.694root 11241100x8000000000000000334290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4580851f106dceb2021-12-21 10:22:01.694root 11241100x8000000000000000334291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db7e714204118232021-12-21 10:22:01.694root 11241100x8000000000000000334292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601ecbb8eaeb64972021-12-21 10:22:01.694root 11241100x8000000000000000334293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbef4f14f0a7bae22021-12-21 10:22:01.695root 11241100x8000000000000000334294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bc7098e521a7712021-12-21 10:22:01.695root 11241100x8000000000000000334295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f4e461ed13c48c2021-12-21 10:22:01.695root 11241100x8000000000000000334296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4775b3023e767a42021-12-21 10:22:01.695root 11241100x8000000000000000334297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6909addda7466b2021-12-21 10:22:01.695root 11241100x8000000000000000334298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3361be38e5c9ea22021-12-21 10:22:01.695root 11241100x8000000000000000334299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650d30b8b89ef4112021-12-21 10:22:01.696root 11241100x8000000000000000334300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ed4bbe33641c1c2021-12-21 10:22:01.696root 11241100x8000000000000000334301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f99131643b64212021-12-21 10:22:01.696root 11241100x8000000000000000334302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd316bca0f030262021-12-21 10:22:01.696root 11241100x8000000000000000334303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439d3c992640260f2021-12-21 10:22:01.696root 11241100x8000000000000000334304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d30b72f2ae20422021-12-21 10:22:01.696root 11241100x8000000000000000334305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934892df2b46b4fd2021-12-21 10:22:01.696root 11241100x8000000000000000334306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b44092b42a5b0f12021-12-21 10:22:01.696root 11241100x8000000000000000334307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0007d5990eba7c022021-12-21 10:22:01.697root 11241100x8000000000000000334308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7182095fb5b4f32021-12-21 10:22:01.697root 11241100x8000000000000000334309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e654360de0694cc2021-12-21 10:22:01.697root 11241100x8000000000000000334310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d67927c8ffff7382021-12-21 10:22:01.697root 11241100x8000000000000000334311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4a3815fff14c212021-12-21 10:22:01.697root 11241100x8000000000000000334312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1f8849c19a44642021-12-21 10:22:01.697root 11241100x8000000000000000334313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c8facdf14b00fa2021-12-21 10:22:01.697root 11241100x8000000000000000334314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b76c78288149c32021-12-21 10:22:01.697root 11241100x8000000000000000334315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6143350f9746dd632021-12-21 10:22:01.697root 11241100x8000000000000000334316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9b44c77b3ed59e2021-12-21 10:22:01.698root 11241100x8000000000000000334317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ad9163ce7e640a2021-12-21 10:22:01.698root 11241100x8000000000000000334318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18d5f977a600c372021-12-21 10:22:01.698root 11241100x8000000000000000334319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c050d1cdc2eded72021-12-21 10:22:01.698root 11241100x8000000000000000334320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950945a0920fa27e2021-12-21 10:22:01.698root 11241100x8000000000000000334321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fef0f36eed75cbd2021-12-21 10:22:01.698root 11241100x8000000000000000334322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6b4c31f83ef43d2021-12-21 10:22:01.698root 11241100x8000000000000000334323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db18950e0b0c9aee2021-12-21 10:22:01.699root 11241100x8000000000000000334324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ec531f8c64db942021-12-21 10:22:01.699root 11241100x8000000000000000334325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96eec9a6de50aafb2021-12-21 10:22:01.699root 11241100x8000000000000000334326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999a9759e5a7dbf12021-12-21 10:22:01.699root 11241100x8000000000000000334327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45282abb2d2b4b402021-12-21 10:22:01.699root 11241100x8000000000000000334328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f40db53472529f22021-12-21 10:22:01.699root 11241100x8000000000000000334329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def07e7c0c2705112021-12-21 10:22:01.700root 11241100x8000000000000000334330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffbd4eb70fd4aca2021-12-21 10:22:01.700root 11241100x8000000000000000334331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb58c6feb6a6a9ab2021-12-21 10:22:01.700root 11241100x8000000000000000334332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9eb11d0447b8ed92021-12-21 10:22:01.700root 11241100x8000000000000000334333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78f19a254fc85152021-12-21 10:22:02.193root 11241100x8000000000000000334334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed3ff352050a1e72021-12-21 10:22:02.193root 11241100x8000000000000000334335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38af0936e41f38b22021-12-21 10:22:02.193root 11241100x8000000000000000334336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95685e343fa60ed62021-12-21 10:22:02.193root 11241100x8000000000000000334337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30e20ad3ce2a1352021-12-21 10:22:02.193root 11241100x8000000000000000334338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2593e606928b93bc2021-12-21 10:22:02.194root 11241100x8000000000000000334339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d3e58c8493fa4d2021-12-21 10:22:02.194root 11241100x8000000000000000334340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbe1f5c60507ab72021-12-21 10:22:02.194root 11241100x8000000000000000334341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddc9a82830aadf82021-12-21 10:22:02.194root 11241100x8000000000000000334342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb773f0e02cace72021-12-21 10:22:02.194root 11241100x8000000000000000334343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c02b4e0c21a8382021-12-21 10:22:02.194root 11241100x8000000000000000334344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d50f7c67c4fd902021-12-21 10:22:02.194root 11241100x8000000000000000334345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbeccf49bda78c62021-12-21 10:22:02.194root 11241100x8000000000000000334346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc74cacfa4f2c0542021-12-21 10:22:02.194root 11241100x8000000000000000334347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63815c999df5fcbe2021-12-21 10:22:02.195root 11241100x8000000000000000334348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c71258204cc61b2021-12-21 10:22:02.195root 11241100x8000000000000000334349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc5de8364fa66c62021-12-21 10:22:02.195root 11241100x8000000000000000334350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf6272c666fd9972021-12-21 10:22:02.195root 11241100x8000000000000000334351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70eeacbb35b22db12021-12-21 10:22:02.195root 11241100x8000000000000000334352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733f296ce228961d2021-12-21 10:22:02.196root 11241100x8000000000000000334353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7695198465e5da882021-12-21 10:22:02.196root 11241100x8000000000000000334354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d722a18063a2c4b2021-12-21 10:22:02.196root 11241100x8000000000000000334355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2328a291d7ef89052021-12-21 10:22:02.196root 11241100x8000000000000000334356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7616c103a6d09b2021-12-21 10:22:02.196root 11241100x8000000000000000334357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e218f19d410172fd2021-12-21 10:22:02.196root 11241100x8000000000000000334358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53774c5248e9cac72021-12-21 10:22:02.196root 11241100x8000000000000000334359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847f1b5538a2a66c2021-12-21 10:22:02.196root 11241100x8000000000000000334360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee64ab46fd958c82021-12-21 10:22:02.196root 11241100x8000000000000000334361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48843b21b2ce4a1f2021-12-21 10:22:02.196root 11241100x8000000000000000334362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162902640e0bd67d2021-12-21 10:22:02.196root 11241100x8000000000000000334363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265d01a66f49bd142021-12-21 10:22:02.196root 11241100x8000000000000000334364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90925c6a9c0fd14b2021-12-21 10:22:02.196root 11241100x8000000000000000334365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ab46b74dc7d2952021-12-21 10:22:02.196root 11241100x8000000000000000334366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3b6aea993f4a342021-12-21 10:22:02.197root 11241100x8000000000000000334367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c666aec375caff2021-12-21 10:22:02.197root 11241100x8000000000000000334368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c3c7b8228365fb2021-12-21 10:22:02.197root 11241100x8000000000000000334369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecd81fafbc2d71f2021-12-21 10:22:02.197root 11241100x8000000000000000334370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7b490bb82007392021-12-21 10:22:02.197root 11241100x8000000000000000334371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf8f2a1c2ffb5af2021-12-21 10:22:02.197root 11241100x8000000000000000334372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73f5ff11fb408ee2021-12-21 10:22:02.197root 11241100x8000000000000000334373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b296c178621179902021-12-21 10:22:02.197root 11241100x8000000000000000334374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80007c0631ded582021-12-21 10:22:02.197root 11241100x8000000000000000334375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05d5e248ef98e312021-12-21 10:22:02.197root 11241100x8000000000000000334376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1494110a22c6fd752021-12-21 10:22:02.197root 11241100x8000000000000000334377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd6840c128103682021-12-21 10:22:02.197root 11241100x8000000000000000334378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c778de093b18b92021-12-21 10:22:02.198root 11241100x8000000000000000334379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0db7ba10d65b5e72021-12-21 10:22:02.198root 11241100x8000000000000000334380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862de18b78139e392021-12-21 10:22:02.198root 11241100x8000000000000000334381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef1dff1dbeea05c2021-12-21 10:22:02.198root 11241100x8000000000000000334382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65eecefed1be7632021-12-21 10:22:02.198root 11241100x8000000000000000334383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c25a4c3289cc0942021-12-21 10:22:02.198root 11241100x8000000000000000334384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.accb1c2416e0c2642021-12-21 10:22:02.198root 11241100x8000000000000000334385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96a6be38c0741842021-12-21 10:22:02.198root 11241100x8000000000000000334386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc7bbf93cb9cf1b2021-12-21 10:22:02.198root 11241100x8000000000000000334387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575629d81da4b2ef2021-12-21 10:22:02.693root 11241100x8000000000000000334388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce981425c9a2f6c02021-12-21 10:22:02.693root 11241100x8000000000000000334389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cae3aec4b1928f2021-12-21 10:22:02.694root 11241100x8000000000000000334390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cad9d5fdc245f042021-12-21 10:22:02.694root 11241100x8000000000000000334391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22a54399303e82b2021-12-21 10:22:02.694root 11241100x8000000000000000334392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bfdfabd5e7d2e22021-12-21 10:22:02.694root 11241100x8000000000000000334393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def7623da34d8c3c2021-12-21 10:22:02.694root 11241100x8000000000000000334394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6476044828ac1ae2021-12-21 10:22:02.695root 11241100x8000000000000000334395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec46cbb950b50ee42021-12-21 10:22:02.695root 11241100x8000000000000000334396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eef730d3e9dbbc52021-12-21 10:22:02.695root 11241100x8000000000000000334397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f2495c4a73b07b2021-12-21 10:22:02.695root 11241100x8000000000000000334398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7104395aababcd2021-12-21 10:22:02.695root 11241100x8000000000000000334399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39388888a172b9a2021-12-21 10:22:02.695root 11241100x8000000000000000334400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd49724ce5c4d2d2021-12-21 10:22:02.695root 11241100x8000000000000000334401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0639ad95fd1a6cf52021-12-21 10:22:02.695root 11241100x8000000000000000334402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93517fa62f8671f32021-12-21 10:22:02.695root 11241100x8000000000000000334403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39063440781447e52021-12-21 10:22:02.695root 11241100x8000000000000000334404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8602d34b067fc0f32021-12-21 10:22:02.696root 11241100x8000000000000000334405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582bbb51a44948692021-12-21 10:22:02.696root 11241100x8000000000000000334406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80aa8e7acb5d17002021-12-21 10:22:02.696root 11241100x8000000000000000334407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb267650297c0b32021-12-21 10:22:02.696root 11241100x8000000000000000334408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca750138c92909b92021-12-21 10:22:02.696root 11241100x8000000000000000334409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8f8df11bbf7a0d2021-12-21 10:22:02.696root 11241100x8000000000000000334410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15157f190085da72021-12-21 10:22:02.696root 11241100x8000000000000000334411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9c24a2b9486dd02021-12-21 10:22:02.696root 11241100x8000000000000000334412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e79561d13490f1f2021-12-21 10:22:02.696root 11241100x8000000000000000334413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf112e5366e029d2021-12-21 10:22:02.696root 11241100x8000000000000000334414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac11ba9f4050d0f2021-12-21 10:22:02.697root 11241100x8000000000000000334415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797284eb000d421a2021-12-21 10:22:02.697root 11241100x8000000000000000334416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc9a99a353dc49f2021-12-21 10:22:02.697root 11241100x8000000000000000334417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aacb1f1bb08290c2021-12-21 10:22:02.697root 11241100x8000000000000000334418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595949958b0e48032021-12-21 10:22:02.697root 11241100x8000000000000000334419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b11feec248b4402021-12-21 10:22:02.697root 11241100x8000000000000000334420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b439c01b3713a4852021-12-21 10:22:02.697root 11241100x8000000000000000334421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a588b46a8e1113c2021-12-21 10:22:02.697root 11241100x8000000000000000334422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe7eae31727c4ad2021-12-21 10:22:02.697root 11241100x8000000000000000334423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d747f4141369ae2021-12-21 10:22:02.697root 11241100x8000000000000000334424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac01561942970ae2021-12-21 10:22:02.698root 11241100x8000000000000000334425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fa0e6aa78c41792021-12-21 10:22:02.698root 11241100x8000000000000000334426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c13809581562b5f2021-12-21 10:22:02.698root 11241100x8000000000000000334427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ab1573c6cfc4262021-12-21 10:22:02.698root 11241100x8000000000000000334428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8366872f5d7644852021-12-21 10:22:02.698root 534500x8000000000000000334429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.842{ec2b6afe-a535-61c1-0000-000000000000}5585-sshd 11241100x8000000000000000334430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.844{ec2b6afe-922b-61c1-5869-7f35a1550000}1/lib/systemd/systemd/run/systemd/transient/session-6.scope2021-12-21 10:22:02.844root 11241100x8000000000000000334431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.847{ec2b6afe-923a-61c1-80f3-458708560000}968/lib/systemd/systemd-logind/run/systemd/sessions/.#6IWamAo2021-12-21 10:22:02.847root 11241100x8000000000000000334432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.847{ec2b6afe-923a-61c1-80f3-458708560000}968/lib/systemd/systemd-logind/run/systemd/users/.#1000cEMEB02021-12-21 10:22:02.847root 11241100x8000000000000000334433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.848{ec2b6afe-923a-61c1-80f3-458708560000}968/lib/systemd/systemd-logind/run/systemd/sessions/.#6IPUYCC2021-12-21 10:22:02.848root 11241100x8000000000000000334434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.848{ec2b6afe-923a-61c1-80f3-458708560000}968/lib/systemd/systemd-logind/run/systemd/sessions/.#6ovHjEe2021-12-21 10:22:02.848root 11241100x8000000000000000334435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.848{ec2b6afe-923a-61c1-80f3-458708560000}968/lib/systemd/systemd-logind/run/systemd/users/.#1000yiWEFQ2021-12-21 10:22:02.848root 154100x8000000000000000334436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.848{ec2b6afe-aaca-61c1-68a2-7e8676550000}5586/bin/dash-----sh -c /usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aac8-61c1-e0a7-07c689550000}5584/usr/sbin/sshd/usr/sbin/sshdroot 11241100x8000000000000000334437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.849{ec2b6afe-aaca-61c1-68a2-7e8676550000}5586/bin/dash/run/motd.dynamic.new2021-12-21 10:22:02.849root 154100x8000000000000000334438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.849{ec2b6afe-aaca-61c1-785c-6f542d560000}5587/usr/bin/env-----/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-68a2-7e8676550000}5586/bin/dashshroot 154100x8000000000000000334439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.849{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-parts-----run-parts --lsbsysinit /etc/update-motd.d/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-68a2-7e8676550000}5586/bin/dashshroot 154100x8000000000000000334440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.851{ec2b6afe-aaca-61c1-68b2-e9b990550000}5588/bin/dash-----/bin/sh /etc/update-motd.d/00-header/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-partsrun-partsroot 154100x8000000000000000334441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.851{ec2b6afe-aaca-61c1-803e-2775a3550000}5589/bin/uname-----uname -o/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-68b2-e9b990550000}5588/bin/dash/bin/shroot 534500x8000000000000000334442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.852{ec2b6afe-aaca-61c1-803e-2775a3550000}5589/bin/unameroot 154100x8000000000000000334443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.852{ec2b6afe-aaca-61c1-801e-929dea550000}5590/bin/uname-----uname -r/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-68b2-e9b990550000}5588/bin/dash/bin/shroot 534500x8000000000000000334444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.853{ec2b6afe-aaca-61c1-801e-929dea550000}5590/bin/unameroot 154100x8000000000000000334445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.853{ec2b6afe-aaca-61c1-80fe-88b10b560000}5591/bin/uname-----uname -m/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-68b2-e9b990550000}5588/bin/dash/bin/shroot 534500x8000000000000000334446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.854{ec2b6afe-aaca-61c1-80fe-88b10b560000}5591/bin/unameroot 534500x8000000000000000334447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.854{ec2b6afe-aaca-61c1-68b2-e9b990550000}5588/bin/dashroot 154100x8000000000000000334448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.854{ec2b6afe-aaca-61c1-6882-6e3ed6550000}5592/bin/dash-----/bin/sh /etc/update-motd.d/10-help-text/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-partsrun-partsroot 534500x8000000000000000334449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.854{ec2b6afe-aaca-61c1-6882-6e3ed6550000}5592/bin/dashroot 154100x8000000000000000334450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.855{ec2b6afe-aaca-61c1-6802-1434b2550000}5593/bin/dash-----/bin/sh /etc/update-motd.d/50-landscape-sysinfo/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-partsrun-partsroot 154100x8000000000000000334451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.856{ec2b6afe-aaca-61c1-505c-36861a560000}5594/bin/grep-----grep -c ^processor /proc/cpuinfo/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-6802-1434b2550000}5593/bin/dash/bin/shroot 534500x8000000000000000334452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.857{ec2b6afe-aaca-61c1-505c-36861a560000}5594/bin/greproot 154100x8000000000000000334453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.857{ec2b6afe-aaca-61c1-986f-bbfaba550000}5597/usr/bin/bc-----bc/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{00000000-0000-0000-0000-000000000000}5595--- 154100x8000000000000000334454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.857{ec2b6afe-aaca-61c1-b8e0-41ed65550000}5598/usr/bin/cut-----cut -f1 -d /proc/loadavg/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{00000000-0000-0000-0000-000000000000}5596--- 534500x8000000000000000334455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.859{ec2b6afe-aaca-61c1-b8e0-41ed65550000}5598/usr/bin/cutroot 534500x8000000000000000334456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.859{ec2b6afe-aaca-61c1-0000-000000000000}5596-root 534500x8000000000000000334457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.859{ec2b6afe-aaca-61c1-986f-bbfaba550000}5597/usr/bin/bcroot 534500x8000000000000000334458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.859{00000000-0000-0000-0000-000000000000}5595<unknown process>root 154100x8000000000000000334459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.860{ec2b6afe-aaca-61c1-08ef-61e257550000}5599/bin/date-----/bin/date/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-6802-1434b2550000}5593/bin/dash/bin/shroot 534500x8000000000000000334460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.861{ec2b6afe-aaca-61c1-08ef-61e257550000}5599/bin/dateroot 154100x8000000000000000334461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.861{ec2b6afe-aaca-61c1-303c-7b0000000000}5600/usr/bin/python3.6-----/usr/bin/python3 /usr/bin/landscape-sysinfo/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-6802-1434b2550000}5593/bin/dash/bin/shroot 154100x8000000000000000334462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.029{ec2b6afe-aacb-61c1-68d2-1bdd2d560000}5601/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-303c-7b0000000000}5600/usr/bin/python3.6/usr/bin/python3root 154100x8000000000000000334463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.029{ec2b6afe-aacb-61c1-b03f-f8d5577f0000}5601/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-303c-7b0000000000}5600/usr/bin/python3.6/usr/bin/python3root 534500x8000000000000000334464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.031{ec2b6afe-aacb-61c1-b03f-f8d5577f0000}5601/sbin/ldconfig.realroot 11241100x8000000000000000334465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf09a850c87bc1b52021-12-21 10:22:03.031root 11241100x8000000000000000334466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bf9919c10aae232021-12-21 10:22:03.031root 11241100x8000000000000000334467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc64be785305dac2021-12-21 10:22:03.031root 11241100x8000000000000000334468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c756917f05bb60892021-12-21 10:22:03.032root 11241100x8000000000000000334469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9457d088daa83bb2021-12-21 10:22:03.032root 11241100x8000000000000000334470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eada9fddff722d662021-12-21 10:22:03.032root 11241100x8000000000000000334471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b16726067d3fb022021-12-21 10:22:03.032root 11241100x8000000000000000334472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626ac359fde171df2021-12-21 10:22:03.032root 11241100x8000000000000000334473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9b4e31f0f4e2662021-12-21 10:22:03.032root 11241100x8000000000000000334474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fdd49b553a9e352021-12-21 10:22:03.032root 11241100x8000000000000000334475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15956b535a475d432021-12-21 10:22:03.032root 11241100x8000000000000000334476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c5ffcf3e42141d2021-12-21 10:22:03.032root 11241100x8000000000000000334477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364661a0b24d973c2021-12-21 10:22:03.032root 11241100x8000000000000000334478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3525c0107bdea94a2021-12-21 10:22:03.033root 11241100x8000000000000000334479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941e044f5bc89f072021-12-21 10:22:03.033root 11241100x8000000000000000334480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835781b467ba251c2021-12-21 10:22:03.033root 11241100x8000000000000000334481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51b321b0c1849b12021-12-21 10:22:03.033root 11241100x8000000000000000334482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a10b7595f2d6cc32021-12-21 10:22:03.033root 11241100x8000000000000000334483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9907e671707c18ed2021-12-21 10:22:03.033root 11241100x8000000000000000334484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044afa1291cb51132021-12-21 10:22:03.034root 11241100x8000000000000000334485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee763e4687e18eb2021-12-21 10:22:03.034root 11241100x8000000000000000334486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9848ab3293024a2021-12-21 10:22:03.034root 11241100x8000000000000000334487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f70c0c52ccab0da2021-12-21 10:22:03.034root 11241100x8000000000000000334488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa31de8c4e913efb2021-12-21 10:22:03.034root 11241100x8000000000000000334489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448cab8039e8a2a42021-12-21 10:22:03.034root 11241100x8000000000000000334490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f299e53d53415022021-12-21 10:22:03.034root 11241100x8000000000000000334491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0348654ae16a134e2021-12-21 10:22:03.034root 11241100x8000000000000000334492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bd350fdf41e3f12021-12-21 10:22:03.034root 11241100x8000000000000000334493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3fb481335e66cd2021-12-21 10:22:03.034root 11241100x8000000000000000334494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cff103fa40ad1972021-12-21 10:22:03.035root 11241100x8000000000000000334495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738f6c23342b68262021-12-21 10:22:03.035root 11241100x8000000000000000334496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a8caa396176f942021-12-21 10:22:03.035root 11241100x8000000000000000334497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03be69b06f1a37a92021-12-21 10:22:03.035root 11241100x8000000000000000334498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e1bbb375a751f82021-12-21 10:22:03.035root 11241100x8000000000000000334499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c8cb2a0f0bf1bb2021-12-21 10:22:03.035root 11241100x8000000000000000334500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a977c23fd5eb03c2021-12-21 10:22:03.035root 11241100x8000000000000000334501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d1b60c585625e12021-12-21 10:22:03.035root 11241100x8000000000000000334502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82566045642c7e442021-12-21 10:22:03.036root 11241100x8000000000000000334503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323c8e865cbcc0c62021-12-21 10:22:03.036root 11241100x8000000000000000334504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5090a5cde77066d2021-12-21 10:22:03.036root 11241100x8000000000000000334505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f611a067b6ff6e2021-12-21 10:22:03.036root 11241100x8000000000000000334506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d82dc3c08e1709b2021-12-21 10:22:03.036root 11241100x8000000000000000334507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76253a3d21595bb72021-12-21 10:22:03.036root 11241100x8000000000000000334508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f66a1bd2cfce832021-12-21 10:22:03.037root 11241100x8000000000000000334509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224062d3e56ceb5b2021-12-21 10:22:03.037root 11241100x8000000000000000334510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78034d9edc246fc32021-12-21 10:22:03.037root 11241100x8000000000000000334511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2e8c2904339b2d2021-12-21 10:22:03.037root 11241100x8000000000000000334512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb644e182ee77ed22021-12-21 10:22:03.037root 11241100x8000000000000000334513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9ed4e28cb3ad802021-12-21 10:22:03.038root 11241100x8000000000000000334514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a2e7cf274e370d2021-12-21 10:22:03.038root 11241100x8000000000000000334515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1293cb4ba0ac2442021-12-21 10:22:03.038root 11241100x8000000000000000334516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8106127dc65a252021-12-21 10:22:03.038root 11241100x8000000000000000334517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e99ebe4da44d2242021-12-21 10:22:03.039root 11241100x8000000000000000334518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f326bdf0997d37902021-12-21 10:22:03.039root 11241100x8000000000000000334519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb17b926e5bb68de2021-12-21 10:22:03.039root 11241100x8000000000000000334520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bc52083e38c8fe2021-12-21 10:22:03.039root 11241100x8000000000000000334521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1039f277968bdbe92021-12-21 10:22:03.039root 11241100x8000000000000000334522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15045aae99857f32021-12-21 10:22:03.039root 11241100x8000000000000000334523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.040{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc503a664eda4e242021-12-21 10:22:03.040root 11241100x8000000000000000334524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.040{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f3974eb5d5917f2021-12-21 10:22:03.040root 11241100x8000000000000000334525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.040{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd4cc26c93b9a732021-12-21 10:22:03.040root 11241100x8000000000000000334526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.040{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e40e2d41af9b83c2021-12-21 10:22:03.040root 11241100x8000000000000000334527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.040{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fbe6ca23461a3f2021-12-21 10:22:03.040root 11241100x8000000000000000334528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.041{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03eb782822bcc5142021-12-21 10:22:03.041root 11241100x8000000000000000334529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.041{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3f566442bf05c72021-12-21 10:22:03.041root 11241100x8000000000000000334530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.041{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768799284f5411992021-12-21 10:22:03.041root 11241100x8000000000000000334531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.041{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467af3d960cc666d2021-12-21 10:22:03.041root 11241100x8000000000000000334532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.041{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2257821f8c10002021-12-21 10:22:03.041root 11241100x8000000000000000334533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb4a6f32723df922021-12-21 10:22:03.042root 11241100x8000000000000000334534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dd15a9b746aff52021-12-21 10:22:03.042root 11241100x8000000000000000334535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a62e4da6b9b6c6c2021-12-21 10:22:03.042root 11241100x8000000000000000334536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b67f24a8827c3e82021-12-21 10:22:03.043root 11241100x8000000000000000334537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2c670dd55746682021-12-21 10:22:03.043root 11241100x8000000000000000334538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a5f617be06f4652021-12-21 10:22:03.043root 11241100x8000000000000000334539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb11165064a688b12021-12-21 10:22:03.043root 11241100x8000000000000000334540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293f9ace98e279812021-12-21 10:22:03.043root 11241100x8000000000000000334541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789548db394d41a22021-12-21 10:22:03.043root 11241100x8000000000000000334542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9a23bb97352dcc2021-12-21 10:22:03.044root 11241100x8000000000000000334543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c5e72a8648fb7d2021-12-21 10:22:03.044root 11241100x8000000000000000334544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac25132cd89b6a62021-12-21 10:22:03.044root 11241100x8000000000000000334545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45793f8819455f0c2021-12-21 10:22:03.044root 11241100x8000000000000000334546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4e3e41166c36372021-12-21 10:22:03.044root 11241100x8000000000000000334547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e894dfe2584164e2021-12-21 10:22:03.044root 11241100x8000000000000000334548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b071c3479e2763782021-12-21 10:22:03.044root 11241100x8000000000000000334549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8f5d2b0743ec362021-12-21 10:22:03.044root 11241100x8000000000000000334550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9feeb5d25710ed332021-12-21 10:22:03.044root 11241100x8000000000000000334551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a70075cd0968d12021-12-21 10:22:03.045root 11241100x8000000000000000334552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efda78ae205ed832021-12-21 10:22:03.045root 11241100x8000000000000000334553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c511c98c1a6e58d42021-12-21 10:22:03.045root 11241100x8000000000000000334554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500b72c41263c5a12021-12-21 10:22:03.045root 11241100x8000000000000000334555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1476da1a0e79a5b2021-12-21 10:22:03.045root 11241100x8000000000000000334556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965083c323477ac32021-12-21 10:22:03.045root 11241100x8000000000000000334557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be92af72dce210da2021-12-21 10:22:03.045root 11241100x8000000000000000334558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622818e3cf00f4db2021-12-21 10:22:03.046root 11241100x8000000000000000334559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56815185eedf86f22021-12-21 10:22:03.046root 11241100x8000000000000000334560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a61aa7c1468bdb52021-12-21 10:22:03.046root 11241100x8000000000000000334561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcff80cf35e14e632021-12-21 10:22:03.046root 11241100x8000000000000000334562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785673129d929b892021-12-21 10:22:03.046root 11241100x8000000000000000334563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead74a7d4e51063a2021-12-21 10:22:03.047root 11241100x8000000000000000334564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336fb655de4111862021-12-21 10:22:03.047root 11241100x8000000000000000334565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4672144a419095d22021-12-21 10:22:03.047root 11241100x8000000000000000334566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19260563ee32184f2021-12-21 10:22:03.047root 11241100x8000000000000000334567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e446ab06574efc6c2021-12-21 10:22:03.047root 11241100x8000000000000000334568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939a61244d13a8de2021-12-21 10:22:03.047root 11241100x8000000000000000334569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935e348ee046d30e2021-12-21 10:22:03.048root 11241100x8000000000000000334570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0012c1613a680c52021-12-21 10:22:03.048root 11241100x8000000000000000334571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0589bd4079ab77fd2021-12-21 10:22:03.048root 11241100x8000000000000000334572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1090d37efeba6dea2021-12-21 10:22:03.048root 11241100x8000000000000000334573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b24af6d9b2942062021-12-21 10:22:03.048root 11241100x8000000000000000334574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30739208ce89893d2021-12-21 10:22:03.048root 11241100x8000000000000000334575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146d73b7b8d277652021-12-21 10:22:03.049root 11241100x8000000000000000334576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41db9cd66dae6c892021-12-21 10:22:03.049root 11241100x8000000000000000334577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2569a9b1c6046212021-12-21 10:22:03.049root 11241100x8000000000000000334578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64a3e47e81285a22021-12-21 10:22:03.049root 11241100x8000000000000000334579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc820d0fc6e61942021-12-21 10:22:03.049root 11241100x8000000000000000334580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d2d4a62a272a032021-12-21 10:22:03.050root 11241100x8000000000000000334581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb018b6b31d791e62021-12-21 10:22:03.050root 11241100x8000000000000000334582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92434c8383aedd72021-12-21 10:22:03.050root 11241100x8000000000000000334583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3222212b3e1a7812021-12-21 10:22:03.050root 11241100x8000000000000000334584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003089e993dbc7592021-12-21 10:22:03.051root 11241100x8000000000000000334585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38df3dffd2aa97f2021-12-21 10:22:03.051root 11241100x8000000000000000334586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805978067906a3b32021-12-21 10:22:03.051root 11241100x8000000000000000334587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d541274e415a462a2021-12-21 10:22:03.051root 11241100x8000000000000000334588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d52e7861108726a2021-12-21 10:22:03.052root 11241100x8000000000000000334589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732efd10a7ce8c6b2021-12-21 10:22:03.052root 11241100x8000000000000000334590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85756db17576a97b2021-12-21 10:22:03.052root 11241100x8000000000000000334591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0995420b1615c42021-12-21 10:22:03.052root 11241100x8000000000000000334592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099cc1f1492d223f2021-12-21 10:22:03.053root 154100x8000000000000000334593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.076{ec2b6afe-aacb-61c1-6822-aa4121560000}5602/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-303c-7b0000000000}5600/usr/bin/python3.6/usr/bin/python3root 154100x8000000000000000334594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.076{ec2b6afe-aacb-61c1-b03f-8b6db17f0000}5602/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-303c-7b0000000000}5600/usr/bin/python3.6/usr/bin/python3root 534500x8000000000000000334595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.077{ec2b6afe-aacb-61c1-b03f-8b6db17f0000}5602/sbin/ldconfig.realroot 534500x8000000000000000334596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.207{00000000-0000-0000-0000-000000000000}5603<unknown process>root 154100x8000000000000000334597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.246{ec2b6afe-aacb-61c1-f013-6e291b560000}5604/usr/bin/who-----who -q/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-303c-7b0000000000}5600/usr/bin/python3.6/usr/bin/python3root 534500x8000000000000000334598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.251{ec2b6afe-aacb-61c1-f013-6e291b560000}5604/usr/bin/whoroot 534500x8000000000000000334599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.300{ec2b6afe-aaca-61c1-303c-7b0000000000}5600/usr/bin/python3.6root 534500x8000000000000000334600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.300{ec2b6afe-aaca-61c1-6802-1434b2550000}5593/bin/dashroot 154100x8000000000000000334601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.301{ec2b6afe-aacb-61c1-68b2-b2f325560000}5605/bin/dash-----/bin/sh /etc/update-motd.d/50-motd-news/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-partsrun-partsroot 11241100x8000000000000000334602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a46dd07589559562021-12-21 10:22:03.301root 11241100x8000000000000000334603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0876cc6b610f6f2021-12-21 10:22:03.301root 11241100x8000000000000000334604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacbb522b0792c992021-12-21 10:22:03.301root 11241100x8000000000000000334605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0774d7323272e9402021-12-21 10:22:03.301root 11241100x8000000000000000334606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2599baf8828b9f5b2021-12-21 10:22:03.301root 11241100x8000000000000000334607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebc249a778b33202021-12-21 10:22:03.301root 11241100x8000000000000000334608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641ad786e101714c2021-12-21 10:22:03.302root 11241100x8000000000000000334609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9679d8d6710e9b2021-12-21 10:22:03.302root 11241100x8000000000000000334610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8409fbbe9b72d9962021-12-21 10:22:03.302root 11241100x8000000000000000334611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a4ec141c058f5f2021-12-21 10:22:03.302root 11241100x8000000000000000334612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287bf0e1b68c7f8b2021-12-21 10:22:03.302root 11241100x8000000000000000334613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89433c2b00542dc92021-12-21 10:22:03.302root 11241100x8000000000000000334614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf17cf934b572372021-12-21 10:22:03.303root 11241100x8000000000000000334615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a04e1a8811da212021-12-21 10:22:03.303root 154100x8000000000000000334616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-aacb-61c1-d0a9-925fb8550000}5606/bin/cat-----cat /var/cache/motd-news/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aacb-61c1-68b2-b2f325560000}5605/bin/dash/bin/shroot 534500x8000000000000000334617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-aacb-61c1-d0a9-925fb8550000}5606/bin/catroot 154100x8000000000000000334618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-aacb-61c1-7842-208fb6550000}5607/usr/bin/head-----head -n 10/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aacb-61c1-68b2-b2f325560000}5605/bin/dash/bin/shroot 534500x8000000000000000334619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-aacb-61c1-7842-208fb6550000}5607/usr/bin/headroot 154100x8000000000000000334620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-aacb-61c1-e065-688e43560000}5608/usr/bin/tr-----tr -d \000-\011\013\014\016-\037/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aacb-61c1-68b2-b2f325560000}5605/bin/dash/bin/shroot 534500x8000000000000000334621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.303{ec2b6afe-aacb-61c1-e065-688e43560000}5608/usr/bin/trroot 154100x8000000000000000334622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-aacb-61c1-b8b0-5db5a3550000}5609/usr/bin/cut-----cut -c -80/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aacb-61c1-68b2-b2f325560000}5605/bin/dash/bin/shroot 11241100x8000000000000000334623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d952b281f76231502021-12-21 10:22:03.303root 11241100x8000000000000000334624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a3e8ae9a40accf2021-12-21 10:22:03.303root 11241100x8000000000000000334625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.304{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaddb139ed04d35c2021-12-21 10:22:03.304root 11241100x8000000000000000334626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.304{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27099bb158a03f4c2021-12-21 10:22:03.304root 11241100x8000000000000000334627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604006d0186dd4062021-12-21 10:22:03.305root 11241100x8000000000000000334628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba65f86ff420dcd82021-12-21 10:22:03.305root 11241100x8000000000000000334629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08aae8f9f52871692021-12-21 10:22:03.305root 11241100x8000000000000000334630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69024fae39bf05052021-12-21 10:22:03.305root 11241100x8000000000000000334631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9e8ac82aeb8fd82021-12-21 10:22:03.305root 11241100x8000000000000000334632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa59dd4450e23a02021-12-21 10:22:03.305root 11241100x8000000000000000334633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ddac81db56b92e2021-12-21 10:22:03.305root 154100x8000000000000000334634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-aacb-61c1-68c2-0efc12560000}5611/bin/dash-----/bin/sh /etc/update-motd.d/90-updates-available/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-partsrun-partsroot 11241100x8000000000000000334635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737df9771da44c9b2021-12-21 10:22:03.306root 11241100x8000000000000000334636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a862d65220987f2021-12-21 10:22:03.306root 534500x8000000000000000334637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.303{ec2b6afe-aacb-61c1-b8b0-5db5a3550000}5609/usr/bin/cutroot 154100x8000000000000000334638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.304{ec2b6afe-aacb-61c1-6872-8192f3550000}5610/bin/dash-----/bin/sh /etc/update-motd.d/88-esm-announce/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-partsrun-partsroot 534500x8000000000000000334639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-aacb-61c1-6872-8192f3550000}5610/bin/dashroot 154100x8000000000000000334640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.306{ec2b6afe-aacb-61c1-d099-92bd3c560000}5612/bin/cat-----cat /var/lib/update-notifier/updates-available/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aacb-61c1-68c2-0efc12560000}5611/bin/dash/bin/shroot 534500x8000000000000000334641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.307{ec2b6afe-aacb-61c1-d099-92bd3c560000}5612/bin/catroot 534500x8000000000000000334642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.303{ec2b6afe-aacb-61c1-68b2-b2f325560000}5605/bin/dashroot 11241100x8000000000000000334643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c7f28843c2ae502021-12-21 10:22:03.307root 11241100x8000000000000000334644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822e7e043bd070062021-12-21 10:22:03.307root 11241100x8000000000000000334645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da537ac6d376b3022021-12-21 10:22:03.307root 11241100x8000000000000000334646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaf05e38b58b2fc2021-12-21 10:22:03.307root 11241100x8000000000000000334647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a49edfc62e71bbe2021-12-21 10:22:03.308root 11241100x8000000000000000334648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62339d39f3e2cf72021-12-21 10:22:03.306root 154100x8000000000000000334649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.307{ec2b6afe-aacb-61c1-6882-2a2f28560000}5613/bin/dash-----/bin/sh /etc/update-motd.d/91-contract-ua-esm-status/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-partsrun-partsroot 534500x8000000000000000334650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.308{ec2b6afe-aacb-61c1-6882-2a2f28560000}5613/bin/dashroot 11241100x8000000000000000334651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6034a49dc0339b2021-12-21 10:22:03.308root 11241100x8000000000000000334652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2374216de581fbd2021-12-21 10:22:03.308root 11241100x8000000000000000334653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b5f1842473c4832021-12-21 10:22:03.308root 11241100x8000000000000000334654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270608f26ac8efff2021-12-21 10:22:03.308root 11241100x8000000000000000334655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b438a3f4313015b2021-12-21 10:22:03.308root 534500x8000000000000000334656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.307{ec2b6afe-aacb-61c1-68c2-0efc12560000}5611/bin/dashroot 154100x8000000000000000334657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.308{ec2b6afe-aacb-61c1-68a2-606a07560000}5614/bin/dash-----/bin/sh /etc/update-motd.d/91-release-upgrade/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-partsrun-partsroot 154100x8000000000000000334658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.309{ec2b6afe-aacb-61c1-b890-94ee19560000}5617/usr/bin/cut-----cut -d -f4/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{00000000-0000-0000-0000-000000000000}5615--- 11241100x8000000000000000334659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57be849e94cb311e2021-12-21 10:22:03.309root 11241100x8000000000000000334660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f23a81faadf0552021-12-21 10:22:03.309root 11241100x8000000000000000334661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45b89bcabbbc2902021-12-21 10:22:03.309root 11241100x8000000000000000334662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e78073c82412a82021-12-21 10:22:03.310root 11241100x8000000000000000334663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb32580c8cd0c8d2021-12-21 10:22:03.310root 154100x8000000000000000334664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.309{ec2b6afe-aacb-61c1-303c-7b0000000000}5616/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -sd/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{00000000-0000-0000-0000-000000000000}5615--- 11241100x8000000000000000334665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d69c2ba18b417002021-12-21 10:22:03.310root 11241100x8000000000000000334666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a070bc30854908e22021-12-21 10:22:03.310root 11241100x8000000000000000334667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9cf6bf68ffcd6c2021-12-21 10:22:03.310root 11241100x8000000000000000334668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40422d08239aa8e2021-12-21 10:22:03.311root 11241100x8000000000000000334669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecad3a06e64a6d72021-12-21 10:22:03.311root 11241100x8000000000000000334670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844fb399e4b15af12021-12-21 10:22:03.311root 11241100x8000000000000000334671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612a6621fe3232ba2021-12-21 10:22:03.312root 11241100x8000000000000000334672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d7fab56d3a30772021-12-21 10:22:03.312root 11241100x8000000000000000334673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a211373945777a042021-12-21 10:22:03.312root 11241100x8000000000000000334674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68ce6dfafd55a202021-12-21 10:22:03.312root 11241100x8000000000000000334675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6d67b112df6ed22021-12-21 10:22:03.313root 11241100x8000000000000000334676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2036ac62ace05852021-12-21 10:22:03.313root 11241100x8000000000000000334677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ff35b7e7fcc5e12021-12-21 10:22:03.313root 11241100x8000000000000000334678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626cf720542a0a182021-12-21 10:22:03.314root 11241100x8000000000000000334679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162b11ff73905ce52021-12-21 10:22:03.314root 11241100x8000000000000000334680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fce21f304778742021-12-21 10:22:03.315root 11241100x8000000000000000334681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b78ca580f83df6a2021-12-21 10:22:03.315root 11241100x8000000000000000334682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb312e1b45bd3262021-12-21 10:22:03.315root 11241100x8000000000000000334683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b705ee288c906542021-12-21 10:22:03.315root 11241100x8000000000000000334684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7eb639f6a0a2952021-12-21 10:22:03.316root 11241100x8000000000000000334685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7776a7950e2c9b72021-12-21 10:22:03.316root 11241100x8000000000000000334686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3ba3b4d6ff4be42021-12-21 10:22:03.316root 11241100x8000000000000000334687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b491811685291c862021-12-21 10:22:03.316root 11241100x8000000000000000334688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a265fdc8c4a2ea2021-12-21 10:22:03.317root 11241100x8000000000000000334689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60502e3fb1a443482021-12-21 10:22:03.317root 11241100x8000000000000000334690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d4636d894551cb2021-12-21 10:22:03.317root 11241100x8000000000000000334691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a44e75ef571a3e2021-12-21 10:22:03.317root 11241100x8000000000000000334692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.318{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527a594e8714e09c2021-12-21 10:22:03.318root 11241100x8000000000000000334693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.318{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb663801fe8266f2021-12-21 10:22:03.318root 11241100x8000000000000000334694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d599886e872f57492021-12-21 10:22:03.319root 11241100x8000000000000000334695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86d758d06f4744f2021-12-21 10:22:03.319root 11241100x8000000000000000334696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b66795de0545d8a2021-12-21 10:22:03.319root 11241100x8000000000000000334697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016dbc7d68c572c22021-12-21 10:22:03.319root 11241100x8000000000000000334698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee75a994876e80b2021-12-21 10:22:03.320root 11241100x8000000000000000334699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e2d3b9630ab3992021-12-21 10:22:03.320root 11241100x8000000000000000334700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13456a7d81856142021-12-21 10:22:03.320root 11241100x8000000000000000334701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589f9938f425baf92021-12-21 10:22:03.321root 11241100x8000000000000000334702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871ca9d6b60c7f432021-12-21 10:22:03.321root 11241100x8000000000000000334703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9018a565529403602021-12-21 10:22:03.321root 11241100x8000000000000000334704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df64252908193fea2021-12-21 10:22:03.321root 11241100x8000000000000000334705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5c7d0770f796842021-12-21 10:22:03.322root 11241100x8000000000000000334706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce493623131bb0f52021-12-21 10:22:03.322root 11241100x8000000000000000334707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fda9bc23e1e0262021-12-21 10:22:03.322root 11241100x8000000000000000334708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f840b40c47001c842021-12-21 10:22:03.322root 11241100x8000000000000000334709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.323{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d18ce75bd1ccdac2021-12-21 10:22:03.323root 11241100x8000000000000000334710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.323{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e56747130e224c42021-12-21 10:22:03.323root 11241100x8000000000000000334711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.323{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ebdb68694f57b02021-12-21 10:22:03.323root 11241100x8000000000000000334712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.323{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d606ecbb148a9b92021-12-21 10:22:03.323root 11241100x8000000000000000334713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6d1657895174302021-12-21 10:22:03.324root 11241100x8000000000000000334714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583316f1c31806342021-12-21 10:22:03.324root 11241100x8000000000000000334715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f18aa87a474769d2021-12-21 10:22:03.324root 11241100x8000000000000000334716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95a57d2b7f882f12021-12-21 10:22:03.325root 11241100x8000000000000000334717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8320065fa68fd6d2021-12-21 10:22:03.325root 11241100x8000000000000000334718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc707c30b6facdd92021-12-21 10:22:03.325root 11241100x8000000000000000334719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bf21555fb02c612021-12-21 10:22:03.325root 11241100x8000000000000000334720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.326{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3bf6f922829f4c2021-12-21 10:22:03.326root 11241100x8000000000000000334721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.326{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8665af963ca8002021-12-21 10:22:03.326root 11241100x8000000000000000334722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.326{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcc93ac6b1a8b4c2021-12-21 10:22:03.326root 11241100x8000000000000000334723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e40bbc93c3bb4b2021-12-21 10:22:03.327root 11241100x8000000000000000334724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5d5a0d318348542021-12-21 10:22:03.327root 11241100x8000000000000000334725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d621b60bba841d6b2021-12-21 10:22:03.327root 11241100x8000000000000000334726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ac00d1c8d4db372021-12-21 10:22:03.327root 11241100x8000000000000000334727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe041d668ef23dcf2021-12-21 10:22:03.328root 11241100x8000000000000000334728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f33e7db6d5a8622021-12-21 10:22:03.328root 11241100x8000000000000000334729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3f74cd648a0d302021-12-21 10:22:03.328root 11241100x8000000000000000334730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10639e955b6cc1792021-12-21 10:22:03.329root 11241100x8000000000000000334731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c19ce88f8647992021-12-21 10:22:03.329root 11241100x8000000000000000334732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b32f68483b2fac2021-12-21 10:22:03.330root 11241100x8000000000000000334733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454f96bc13b881072021-12-21 10:22:03.331root 11241100x8000000000000000334734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3360c6bbdf453ef12021-12-21 10:22:03.331root 11241100x8000000000000000334735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ea0c25ebc0905c2021-12-21 10:22:03.332root 11241100x8000000000000000334736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f5a9410fa76d0a2021-12-21 10:22:03.332root 11241100x8000000000000000334737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee8fbbf4d43d49c2021-12-21 10:22:03.332root 11241100x8000000000000000334738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7888afb6005b6d2e2021-12-21 10:22:03.332root 11241100x8000000000000000334739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d9350b6c860db02021-12-21 10:22:03.333root 11241100x8000000000000000334740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fb5f75301947c32021-12-21 10:22:03.333root 11241100x8000000000000000334741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4089f3cf436f3fcb2021-12-21 10:22:03.333root 11241100x8000000000000000334742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d52aeae0f2e62452021-12-21 10:22:03.333root 11241100x8000000000000000334743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb450fe51aeb6e32021-12-21 10:22:03.334root 11241100x8000000000000000334744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70aa0c50c774bbb32021-12-21 10:22:03.334root 11241100x8000000000000000334745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b589d6cc276dca92021-12-21 10:22:03.334root 11241100x8000000000000000334746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d780cd1f272365a2021-12-21 10:22:03.334root 11241100x8000000000000000334747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02ae0d378e3ad4a2021-12-21 10:22:03.334root 11241100x8000000000000000334748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef045b1646ab75c2021-12-21 10:22:03.334root 11241100x8000000000000000334749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cca3e07a344e8e02021-12-21 10:22:03.334root 11241100x8000000000000000334750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50cd62d6459e3842021-12-21 10:22:03.335root 11241100x8000000000000000334751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8540f2029febc29c2021-12-21 10:22:03.335root 11241100x8000000000000000334752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220c58d65cbb48832021-12-21 10:22:03.335root 11241100x8000000000000000334753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10558efd205f5712021-12-21 10:22:03.336root 11241100x8000000000000000334754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84e914eec1eef672021-12-21 10:22:03.336root 11241100x8000000000000000334755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfdfa37bb7d0f582021-12-21 10:22:03.336root 11241100x8000000000000000334756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bbe310537cd2cc2021-12-21 10:22:03.336root 11241100x8000000000000000334757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b082d14d084a0c432021-12-21 10:22:03.336root 11241100x8000000000000000334758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9446dca94f06dbc52021-12-21 10:22:03.337root 11241100x8000000000000000334759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa415dc4c048e472021-12-21 10:22:03.337root 11241100x8000000000000000334760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db6b8ac4a0d56b72021-12-21 10:22:03.337root 11241100x8000000000000000334761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bddbf9cd4a7cb8f2021-12-21 10:22:03.337root 11241100x8000000000000000334762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d758024d5b6444d2021-12-21 10:22:03.337root 11241100x8000000000000000334763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f6ef71932a37dd2021-12-21 10:22:03.337root 11241100x8000000000000000334764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b454c125cf8d33a42021-12-21 10:22:03.337root 11241100x8000000000000000334765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20102a92f8526a22021-12-21 10:22:03.338root 11241100x8000000000000000334766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561572df0a7c654c2021-12-21 10:22:03.338root 11241100x8000000000000000334767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e8dc561533ab5f2021-12-21 10:22:03.338root 11241100x8000000000000000334768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2366e2cc238eba302021-12-21 10:22:03.339root 11241100x8000000000000000334769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f22af300aa6abe82021-12-21 10:22:03.339root 11241100x8000000000000000334770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5e43ebac7751752021-12-21 10:22:03.339root 11241100x8000000000000000334771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d854c6748ef97212021-12-21 10:22:03.339root 11241100x8000000000000000334772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad6f767368decc72021-12-21 10:22:03.339root 11241100x8000000000000000334773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650e84f0c2b784122021-12-21 10:22:03.339root 11241100x8000000000000000334774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f81a1495fd8fd12021-12-21 10:22:03.340root 11241100x8000000000000000334775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ffc4a1478ea6d62021-12-21 10:22:03.340root 11241100x8000000000000000334776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d11bcca5601a88a2021-12-21 10:22:03.340root 11241100x8000000000000000334777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b9230b12e8e7472021-12-21 10:22:03.340root 11241100x8000000000000000334778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b899bfaae0e48a872021-12-21 10:22:03.340root 11241100x8000000000000000334779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cab9c19600ae26e2021-12-21 10:22:03.340root 11241100x8000000000000000334780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.341{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff7158ab63b84942021-12-21 10:22:03.341root 11241100x8000000000000000334781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.341{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bce3eeff443db72021-12-21 10:22:03.341root 11241100x8000000000000000334782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.341{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba818ae3651aabf72021-12-21 10:22:03.341root 11241100x8000000000000000334783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.341{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a50ae6349edc5e2021-12-21 10:22:03.341root 11241100x8000000000000000334784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.341{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb2ec7ec2e7a68a2021-12-21 10:22:03.341root 11241100x8000000000000000334785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.341{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64606823c7f65bc12021-12-21 10:22:03.341root 11241100x8000000000000000334786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.341{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e07f40b7a278ad2021-12-21 10:22:03.341root 11241100x8000000000000000334787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.342{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770186efc2946b2a2021-12-21 10:22:03.342root 11241100x8000000000000000334788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.342{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd4ffc22a2527882021-12-21 10:22:03.342root 11241100x8000000000000000334789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.342{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7885ecd815121b302021-12-21 10:22:03.342root 11241100x8000000000000000334790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.342{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68abb4c62ec690f2021-12-21 10:22:03.342root 11241100x8000000000000000334791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.342{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ae194749e1e83f2021-12-21 10:22:03.342root 11241100x8000000000000000334792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40a92e145f075ec2021-12-21 10:22:03.343root 11241100x8000000000000000334793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f1d576edcf61922021-12-21 10:22:03.343root 11241100x8000000000000000334794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d761538a0e691f02021-12-21 10:22:03.343root 11241100x8000000000000000334795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ef7b2d0f53df662021-12-21 10:22:03.343root 11241100x8000000000000000334796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae6a49f27e73f1c2021-12-21 10:22:03.343root 11241100x8000000000000000334797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af85d65868cc10822021-12-21 10:22:03.344root 11241100x8000000000000000334798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dea701cd0728f1f2021-12-21 10:22:03.344root 11241100x8000000000000000334799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa2c56680774b172021-12-21 10:22:03.344root 11241100x8000000000000000334800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a0310768b0e1d02021-12-21 10:22:03.344root 11241100x8000000000000000334801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bfa7376e54ac7f2021-12-21 10:22:03.344root 11241100x8000000000000000334802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa8862e2c3aa71e2021-12-21 10:22:03.344root 11241100x8000000000000000334803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7949b93d2af57e912021-12-21 10:22:03.345root 11241100x8000000000000000334804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4c3fb995b97b212021-12-21 10:22:03.345root 11241100x8000000000000000334805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655fdfbe83f87eaa2021-12-21 10:22:03.345root 11241100x8000000000000000334806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb63a04d26ccf962021-12-21 10:22:03.345root 11241100x8000000000000000334807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ef256a422fedb52021-12-21 10:22:03.345root 11241100x8000000000000000334808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cf58c8ead029192021-12-21 10:22:03.345root 11241100x8000000000000000334809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f203bb50114837c32021-12-21 10:22:03.345root 11241100x8000000000000000334810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2232917be4767d2021-12-21 10:22:03.345root 11241100x8000000000000000334811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b890f69a3cee385d2021-12-21 10:22:03.345root 11241100x8000000000000000334812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b21d1efd3e224b2021-12-21 10:22:03.345root 11241100x8000000000000000334813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820715d095c43a7c2021-12-21 10:22:03.346root 11241100x8000000000000000334814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79789a56dcc100492021-12-21 10:22:03.346root 11241100x8000000000000000334815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23d343283b9443c2021-12-21 10:22:03.346root 11241100x8000000000000000334816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990e91abd8f471432021-12-21 10:22:03.346root 11241100x8000000000000000334817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a7dc8b77bffb662021-12-21 10:22:03.346root 11241100x8000000000000000334818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125549b017b40d692021-12-21 10:22:03.346root 11241100x8000000000000000334819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3877e8cc7bb6332f2021-12-21 10:22:03.346root 11241100x8000000000000000334820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ec26b1570ad1592021-12-21 10:22:03.346root 11241100x8000000000000000334821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e415bcdd2e9c7f12021-12-21 10:22:03.346root 11241100x8000000000000000334822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8651a0c3d30f2d82021-12-21 10:22:03.346root 11241100x8000000000000000334823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97d78f5a76562352021-12-21 10:22:03.346root 11241100x8000000000000000334824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8bdb904aa9f0092021-12-21 10:22:03.346root 11241100x8000000000000000334825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f713a8bd1d4bc52021-12-21 10:22:03.346root 11241100x8000000000000000334826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b221c1616a6f7382021-12-21 10:22:03.346root 11241100x8000000000000000334827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a5cf554da2152d2021-12-21 10:22:03.346root 11241100x8000000000000000334828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898d65cd9f19e8172021-12-21 10:22:03.346root 11241100x8000000000000000334829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61ab25e7df3809f2021-12-21 10:22:03.347root 11241100x8000000000000000334830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bee1d1fb1463ab2021-12-21 10:22:03.347root 11241100x8000000000000000334831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7fc3a456a288c52021-12-21 10:22:03.347root 11241100x8000000000000000334832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4019a86ae84def532021-12-21 10:22:03.347root 11241100x8000000000000000334833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e6391789e0b9422021-12-21 10:22:03.347root 11241100x8000000000000000334834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5613f266fcdda2a2021-12-21 10:22:03.347root 354300x8000000000000000335077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:05.229{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-46996-false10.0.1.12-8000- 11241100x8000000000000000335078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:05.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80acdfc94b63d9782021-12-21 10:22:05.692root 11241100x8000000000000000335079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:06.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857152574908c42f2021-12-21 10:22:06.192root 11241100x8000000000000000335080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:06.520{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:22:06.520root 11241100x8000000000000000335081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:06.521{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87faf7f0477f17392021-12-21 10:22:06.521root 11241100x8000000000000000335082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:06.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00269421a466e3882021-12-21 10:22:06.942root 11241100x8000000000000000335083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fb6bd36124d4b42021-12-21 10:22:06.943root 11241100x8000000000000000335084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:07.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecda66e84d5ca94e2021-12-21 10:22:07.442root 11241100x8000000000000000335085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:07.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bd7a10c0cd2c6c2021-12-21 10:22:07.442root 11241100x8000000000000000335086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:07.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787fbfb9177e70ad2021-12-21 10:22:07.942root 11241100x8000000000000000335087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6799d6faabbd8d2021-12-21 10:22:07.943root 11241100x8000000000000000335088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:08.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2b08c6e47202ef2021-12-21 10:22:08.442root 11241100x8000000000000000335089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb24446ed08047d82021-12-21 10:22:08.443root 11241100x8000000000000000335090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:08.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a9a987098afccb2021-12-21 10:22:08.942root 11241100x8000000000000000335091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea0a5242dd4e8bb2021-12-21 10:22:08.943root 534500x8000000000000000335092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.202{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 11241100x8000000000000000335093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578876c4e7e2553a2021-12-21 10:22:09.203root 11241100x8000000000000000335094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602971e8a69fa04b2021-12-21 10:22:09.203root 11241100x8000000000000000335095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.205{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journald/var/log/journal/ec2b6afe52f9882cff7bf7f0661ea563/system.journal2021-12-21 10:22:09.205root 11241100x8000000000000000335096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9627a675e836dc2021-12-21 10:22:09.206root 11241100x8000000000000000335097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.213{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journald/var/log/journal/ec2b6afe52f9882cff7bf7f0661ea563/user-1000.journal2021-12-21 10:22:09.213root 534500x8000000000000000335098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.216{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 23542300x8000000000000000335099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.242{ec2b6afe-9233-61c1-c81a-006eee550000}454root/lib/systemd/systemd-journald/var/log/journal/ec2b6afe52f9882cff7bf7f0661ea563/user-1000@23a4030a05c14f4487fe6448e1318b5d-0000000000000000-0000000000000000.journal--- 23542300x8000000000000000335100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.522{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000335101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a3dc22f6c5c83e2021-12-21 10:22:09.523root 11241100x8000000000000000335102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c5d77bb583845e2021-12-21 10:22:09.523root 11241100x8000000000000000335103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0537aab17a58bff42021-12-21 10:22:09.523root 11241100x8000000000000000335104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666024cb58cfce6b2021-12-21 10:22:09.523root 11241100x8000000000000000335105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391ad890ad4046342021-12-21 10:22:09.523root 11241100x8000000000000000335106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fab15acccf04f122021-12-21 10:22:09.523root 11241100x8000000000000000335107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec645cb77ea355b42021-12-21 10:22:09.523root 11241100x8000000000000000335108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba5186fb76297032021-12-21 10:22:09.943root 11241100x8000000000000000335109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f57930c2a80dabd2021-12-21 10:22:09.943root 11241100x8000000000000000335110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59642dd65081b52e2021-12-21 10:22:09.943root 11241100x8000000000000000335111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f699f8b8d8a22f052021-12-21 10:22:09.943root 11241100x8000000000000000335112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5c1a41663481cb2021-12-21 10:22:09.943root 11241100x8000000000000000335113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b171eab8b6e05a802021-12-21 10:22:09.943root 11241100x8000000000000000335114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e16c4a99e37b292021-12-21 10:22:09.943root 11241100x8000000000000000335115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17aab14b1d63a6de2021-12-21 10:22:09.943root 354300x8000000000000000335116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.245{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-46998-false10.0.1.12-8000- 11241100x8000000000000000335117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede589ca2f176f752021-12-21 10:22:10.246root 11241100x8000000000000000335118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbbad64aac9f9352021-12-21 10:22:10.246root 11241100x8000000000000000335119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc955d45811ffd52021-12-21 10:22:10.246root 11241100x8000000000000000335120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf19e14fa704a4492021-12-21 10:22:10.246root 11241100x8000000000000000335121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75527d6b39b78fc32021-12-21 10:22:10.247root 11241100x8000000000000000335122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ad58497be900c32021-12-21 10:22:10.247root 11241100x8000000000000000335123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be132e71e5436012021-12-21 10:22:10.247root 11241100x8000000000000000335124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67542a0e056891002021-12-21 10:22:10.247root 11241100x8000000000000000335125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949e319ed2de16552021-12-21 10:22:10.247root 11241100x8000000000000000335126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcde5ca94ad1b69e2021-12-21 10:22:10.693root 11241100x8000000000000000335127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29743cbe0bb87362021-12-21 10:22:10.693root 11241100x8000000000000000335128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9575a55437f33232021-12-21 10:22:10.693root 11241100x8000000000000000335129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cc69e5d3ee39a62021-12-21 10:22:10.693root 11241100x8000000000000000335130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff79c61041a75142021-12-21 10:22:10.693root 11241100x8000000000000000335131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891ab17d6f417afa2021-12-21 10:22:10.693root 11241100x8000000000000000335132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f3901ad58adb8c2021-12-21 10:22:10.693root 11241100x8000000000000000335133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc573163dc8ad9362021-12-21 10:22:10.693root 11241100x8000000000000000335134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bc0aad851cf4212021-12-21 10:22:10.694root 154100x8000000000000000335135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.006{ec2b6afe-aad3-61c1-6824-796ba7550000}5691/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000335136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb39a430e5722862021-12-21 10:22:11.008root 11241100x8000000000000000335137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86844edcfe15a7202021-12-21 10:22:11.008root 11241100x8000000000000000335138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a7e72e9ce0e94f2021-12-21 10:22:11.008root 11241100x8000000000000000335139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128a412272fe9d3d2021-12-21 10:22:11.008root 11241100x8000000000000000335140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b12efbc983d5422021-12-21 10:22:11.008root 11241100x8000000000000000335141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af16d994cbc658632021-12-21 10:22:11.008root 11241100x8000000000000000335142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3407e9e3b3904e2021-12-21 10:22:11.008root 11241100x8000000000000000335143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfb12ba1d10e59b2021-12-21 10:22:11.008root 11241100x8000000000000000335144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a66e6ed7e92e2542021-12-21 10:22:11.008root 11241100x8000000000000000335145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.009{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bebf5cefe5bf7072021-12-21 10:22:11.009root 534500x8000000000000000335146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.018{ec2b6afe-aad3-61c1-6824-796ba7550000}5691/bin/psroot 11241100x8000000000000000335147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c286944cbb95152021-12-21 10:22:11.443root 11241100x8000000000000000335148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb08ac535144b4132021-12-21 10:22:11.443root 11241100x8000000000000000335149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46830ceea9fa65da2021-12-21 10:22:11.443root 11241100x8000000000000000335150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb43ccad412849d02021-12-21 10:22:11.443root 11241100x8000000000000000335151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcba167f89f9b432021-12-21 10:22:11.443root 11241100x8000000000000000335152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8463bc40b7ba8c182021-12-21 10:22:11.443root 11241100x8000000000000000335153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7631de714ccd8a2021-12-21 10:22:11.443root 11241100x8000000000000000335154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5802d2d6a36c1f02021-12-21 10:22:11.444root 11241100x8000000000000000335155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9cb63fedafe0b92021-12-21 10:22:11.444root 11241100x8000000000000000335156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579a05d9bf39c14c2021-12-21 10:22:11.444root 11241100x8000000000000000335157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc19cbe4d0c78f22021-12-21 10:22:11.444root 11241100x8000000000000000335158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521dff50043462f02021-12-21 10:22:11.943root 11241100x8000000000000000335159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7e91c604de73be2021-12-21 10:22:11.943root 11241100x8000000000000000335160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f396a0e42507542021-12-21 10:22:11.943root 11241100x8000000000000000335161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56d50c14ed1b65f2021-12-21 10:22:11.943root 11241100x8000000000000000335162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff8080642e41f4f2021-12-21 10:22:11.943root 11241100x8000000000000000335163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29258c62beb5bf6d2021-12-21 10:22:11.943root 11241100x8000000000000000335164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467b6ad97af451142021-12-21 10:22:11.944root 11241100x8000000000000000335165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa5b52e544db0452021-12-21 10:22:11.944root 11241100x8000000000000000335166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629248bd8c30e11e2021-12-21 10:22:11.944root 11241100x8000000000000000335167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9892936b4e1cd2562021-12-21 10:22:11.944root 11241100x8000000000000000335168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea239cf1a3ce3ce2021-12-21 10:22:11.944root 11241100x8000000000000000335169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c254baf2312f4c72021-12-21 10:22:12.443root 11241100x8000000000000000335170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0aa05c88f99bc732021-12-21 10:22:12.443root 11241100x8000000000000000335171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdd540bad9890d22021-12-21 10:22:12.443root 11241100x8000000000000000335172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fbc0344ff76d432021-12-21 10:22:12.443root 11241100x8000000000000000335173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b744b786c5e86082021-12-21 10:22:12.443root 11241100x8000000000000000335174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9814b3b12db64f3c2021-12-21 10:22:12.443root 11241100x8000000000000000335175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112a7093a85f30f42021-12-21 10:22:12.443root 11241100x8000000000000000335176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f33ca1d762546f2021-12-21 10:22:12.443root 11241100x8000000000000000335177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f06dabc142eef32021-12-21 10:22:12.444root 11241100x8000000000000000335178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48aba4ecf94cf912021-12-21 10:22:12.444root 11241100x8000000000000000335179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4272a06fc57489a2021-12-21 10:22:12.444root 11241100x8000000000000000335180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548a7a30b89480a32021-12-21 10:22:12.942root 11241100x8000000000000000335181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781d2d05ff47f68b2021-12-21 10:22:12.943root 11241100x8000000000000000335182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9df4c30e8a8e0e2021-12-21 10:22:12.943root 11241100x8000000000000000335183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9099299ca17d8aab2021-12-21 10:22:12.943root 11241100x8000000000000000335184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaaf2a1b24f71082021-12-21 10:22:12.943root 11241100x8000000000000000335185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a960ccabd366c5ea2021-12-21 10:22:12.943root 11241100x8000000000000000335186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1190d6d84266db822021-12-21 10:22:12.943root 11241100x8000000000000000335187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004058e8f410d9402021-12-21 10:22:12.944root 11241100x8000000000000000335188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f43e42ffe11399c2021-12-21 10:22:12.944root 11241100x8000000000000000335189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e0c01b59fc6eb02021-12-21 10:22:12.944root 11241100x8000000000000000335190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b536ee38ef03a9092021-12-21 10:22:12.944root 11241100x8000000000000000335191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232bef8374aac2a82021-12-21 10:22:13.443root 11241100x8000000000000000335192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1609c0e13e97b6d2021-12-21 10:22:13.443root 11241100x8000000000000000335193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af702abacf65b8e2021-12-21 10:22:13.443root 11241100x8000000000000000335194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5501b2f0381d4602021-12-21 10:22:13.443root 11241100x8000000000000000335195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87920c5d8837d2a82021-12-21 10:22:13.443root 11241100x8000000000000000335196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bb76e472b0221d2021-12-21 10:22:13.443root 11241100x8000000000000000335197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d760a75fc47bdb62021-12-21 10:22:13.444root 11241100x8000000000000000335198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26248a9d0f0a0bb2021-12-21 10:22:13.444root 11241100x8000000000000000335199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca92e30b437dd7f62021-12-21 10:22:13.444root 11241100x8000000000000000335200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4712244736635f132021-12-21 10:22:13.444root 11241100x8000000000000000335201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32df8d959b1f14202021-12-21 10:22:13.444root 11241100x8000000000000000335202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47912cc67b9a7182021-12-21 10:22:13.943root 11241100x8000000000000000335203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646c75db6e858fb22021-12-21 10:22:13.943root 11241100x8000000000000000335204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a97ea1d246b7532021-12-21 10:22:13.943root 11241100x8000000000000000335205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbe1a6b04d8c4ad2021-12-21 10:22:13.943root 11241100x8000000000000000335206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac734a86ef354cfe2021-12-21 10:22:13.943root 11241100x8000000000000000335207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb32f6bf515fcbe02021-12-21 10:22:13.943root 11241100x8000000000000000335208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a266bac2f665eefa2021-12-21 10:22:13.943root 11241100x8000000000000000335209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65c0658b7a2fb3b2021-12-21 10:22:13.944root 11241100x8000000000000000335210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93e2ec052903eb42021-12-21 10:22:13.944root 11241100x8000000000000000335211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4133eaa72f9e277d2021-12-21 10:22:13.944root 11241100x8000000000000000335212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47b4b018e7d91982021-12-21 10:22:13.944root 11241100x8000000000000000335213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59f1f8f9b4b2d4b2021-12-21 10:22:14.443root 11241100x8000000000000000335214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609fed0994301c1a2021-12-21 10:22:14.443root 11241100x8000000000000000335215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c1ba76565ab7682021-12-21 10:22:14.443root 11241100x8000000000000000335216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdb279fcfa313482021-12-21 10:22:14.443root 11241100x8000000000000000335217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e847fa820619c3922021-12-21 10:22:14.443root 11241100x8000000000000000335218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798dcfda1b673a1b2021-12-21 10:22:14.444root 11241100x8000000000000000335219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab34e465281e0e22021-12-21 10:22:14.444root 11241100x8000000000000000335220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636a78cb5931cc762021-12-21 10:22:14.444root 11241100x8000000000000000335221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9f1f182a47e3a62021-12-21 10:22:14.444root 11241100x8000000000000000335222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f809a53b55d41722021-12-21 10:22:14.444root 11241100x8000000000000000335223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf537e6274d07052021-12-21 10:22:14.444root 11241100x8000000000000000335224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f3277070d2d81e2021-12-21 10:22:14.943root 11241100x8000000000000000335225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1909d210cb71cba72021-12-21 10:22:14.943root 11241100x8000000000000000335226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49110741d69f1222021-12-21 10:22:14.943root 11241100x8000000000000000335227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed11eb46e398a8fa2021-12-21 10:22:14.943root 11241100x8000000000000000335228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8900d90ef66cbd0d2021-12-21 10:22:14.943root 11241100x8000000000000000335229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665bdc607ac179b72021-12-21 10:22:14.943root 11241100x8000000000000000335230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3baa044fae86e2b82021-12-21 10:22:14.943root 11241100x8000000000000000335231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f296ab0c007d066c2021-12-21 10:22:14.943root 11241100x8000000000000000335232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5274914fdad35b9c2021-12-21 10:22:14.944root 11241100x8000000000000000335233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5259c5d598725b2021-12-21 10:22:14.944root 11241100x8000000000000000335234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8f3cc4151b7d922021-12-21 10:22:14.944root 11241100x8000000000000000335235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc0d518d3dd0b892021-12-21 10:22:15.443root 11241100x8000000000000000335236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfea17b154575c522021-12-21 10:22:15.443root 11241100x8000000000000000335237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6d1334d0032c4b2021-12-21 10:22:15.443root 11241100x8000000000000000335238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c589de782445e48e2021-12-21 10:22:15.443root 11241100x8000000000000000335239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5da97bab83740d32021-12-21 10:22:15.443root 11241100x8000000000000000335240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695968ce08bdfc4f2021-12-21 10:22:15.443root 11241100x8000000000000000335241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1bc84cf68f959d2021-12-21 10:22:15.443root 11241100x8000000000000000335242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d22ee42482e552e2021-12-21 10:22:15.443root 11241100x8000000000000000335243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dd1b12f581f50a2021-12-21 10:22:15.443root 11241100x8000000000000000335244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3294e93e71baec2021-12-21 10:22:15.444root 11241100x8000000000000000335245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91eb7670f9bdc1932021-12-21 10:22:15.444root 11241100x8000000000000000335246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0a144cba457faa2021-12-21 10:22:15.943root 11241100x8000000000000000335247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68e01ff904379692021-12-21 10:22:15.943root 11241100x8000000000000000335248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320069cc1f702b602021-12-21 10:22:15.943root 11241100x8000000000000000335249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c71c4519979d362021-12-21 10:22:15.943root 11241100x8000000000000000335250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d14befdaee94c42021-12-21 10:22:15.943root 11241100x8000000000000000335251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672761b1d7bffdcb2021-12-21 10:22:15.943root 11241100x8000000000000000335252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de0641c3d123a012021-12-21 10:22:15.943root 11241100x8000000000000000335253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48e8f7050e54c2c2021-12-21 10:22:15.943root 11241100x8000000000000000335254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098fc70897a2378e2021-12-21 10:22:15.944root 11241100x8000000000000000335255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1b88d2ca08b35f2021-12-21 10:22:15.944root 11241100x8000000000000000335256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002eb8eec462577b2021-12-21 10:22:15.944root 354300x8000000000000000335257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.069{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47000-false10.0.1.12-8000- 11241100x8000000000000000335258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ec1d7ddab79afa2021-12-21 10:22:16.443root 11241100x8000000000000000335259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9b9de1637d0db32021-12-21 10:22:16.443root 11241100x8000000000000000335260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829d0eca007ecfdc2021-12-21 10:22:16.443root 11241100x8000000000000000335261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5199922b22f8767a2021-12-21 10:22:16.443root 11241100x8000000000000000335262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11e622c0c5680232021-12-21 10:22:16.443root 11241100x8000000000000000335263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3874fe8eff668e2021-12-21 10:22:16.443root 11241100x8000000000000000335264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda6aa161071bb2f2021-12-21 10:22:16.443root 11241100x8000000000000000335265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057bbff1315eba832021-12-21 10:22:16.443root 11241100x8000000000000000335266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446c5f74ba3111f12021-12-21 10:22:16.444root 11241100x8000000000000000335267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e51b821d13decf2021-12-21 10:22:16.444root 11241100x8000000000000000335268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4982199b7b09d82021-12-21 10:22:16.444root 11241100x8000000000000000335269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac13bf3f0e3151112021-12-21 10:22:16.444root 11241100x8000000000000000335270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b84204c73024c012021-12-21 10:22:16.943root 11241100x8000000000000000335271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff1d1a6f005d99e2021-12-21 10:22:16.944root 11241100x8000000000000000335272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94147ed6ca313fb52021-12-21 10:22:16.944root 11241100x8000000000000000335273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2458bbbd930d6a512021-12-21 10:22:16.944root 11241100x8000000000000000335274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4b32231302374e2021-12-21 10:22:16.945root 11241100x8000000000000000335275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d12eef9f35e601c2021-12-21 10:22:16.945root 11241100x8000000000000000335276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ac91064fa296122021-12-21 10:22:16.945root 11241100x8000000000000000335277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654ed7efc3f664482021-12-21 10:22:16.945root 11241100x8000000000000000335278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f97aabd701fbc62021-12-21 10:22:16.945root 11241100x8000000000000000335279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1e1dbd7cb6c43c2021-12-21 10:22:16.945root 11241100x8000000000000000335280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c562bb642b0336592021-12-21 10:22:16.946root 11241100x8000000000000000335281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7ad7520af832c62021-12-21 10:22:16.946root 11241100x8000000000000000335282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a089a901747ab82021-12-21 10:22:17.443root 11241100x8000000000000000335283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f125fc414ecf7b7f2021-12-21 10:22:17.443root 11241100x8000000000000000335284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e742cb0d5b5959812021-12-21 10:22:17.443root 11241100x8000000000000000335285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dce7341a7b7ebc2021-12-21 10:22:17.443root 11241100x8000000000000000335286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc00dab185d12d72021-12-21 10:22:17.443root 11241100x8000000000000000335287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c43a3ac42ee9a2c2021-12-21 10:22:17.443root 11241100x8000000000000000335288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3264bc0c5d59972021-12-21 10:22:17.443root 11241100x8000000000000000335289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2401216827f59a02021-12-21 10:22:17.443root 11241100x8000000000000000335290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe06840f626d4b3e2021-12-21 10:22:17.443root 11241100x8000000000000000335291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae49c7ca4947428d2021-12-21 10:22:17.443root 11241100x8000000000000000335292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062ec19dfee4cca02021-12-21 10:22:17.444root 11241100x8000000000000000335293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce70768abefcb232021-12-21 10:22:17.444root 11241100x8000000000000000335294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793ecae0a82da7102021-12-21 10:22:17.943root 11241100x8000000000000000335295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53918309e59146692021-12-21 10:22:17.943root 11241100x8000000000000000335296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cd54e14f60cbda2021-12-21 10:22:17.943root 11241100x8000000000000000335297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456223ca4db9ad452021-12-21 10:22:17.943root 11241100x8000000000000000335298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a723b4bd8e9f292021-12-21 10:22:17.943root 11241100x8000000000000000335299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d09dfb251071c02021-12-21 10:22:17.943root 11241100x8000000000000000335300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75446a75240e78c62021-12-21 10:22:17.944root 11241100x8000000000000000335301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a98daa843bbb822021-12-21 10:22:17.944root 11241100x8000000000000000335302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1eaa83bef1840f52021-12-21 10:22:17.944root 11241100x8000000000000000335303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e220c2e19d0abb1a2021-12-21 10:22:17.944root 11241100x8000000000000000335304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d1b7aa2995f70b2021-12-21 10:22:17.944root 11241100x8000000000000000335305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b60c3d2094317752021-12-21 10:22:17.944root 11241100x8000000000000000335306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efccc12821ae0bf02021-12-21 10:22:18.443root 11241100x8000000000000000335307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f71cdbf44afeca12021-12-21 10:22:18.443root 11241100x8000000000000000335308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a80236ebaa830302021-12-21 10:22:18.443root 11241100x8000000000000000335309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb743df12f5cf922021-12-21 10:22:18.443root 11241100x8000000000000000335310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafb2712335212cc2021-12-21 10:22:18.443root 11241100x8000000000000000335311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308ed98ca5836fbe2021-12-21 10:22:18.443root 11241100x8000000000000000335312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36433b01885f9c42021-12-21 10:22:18.443root 11241100x8000000000000000335313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d82a516cde89f72021-12-21 10:22:18.443root 11241100x8000000000000000335314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5b47c962885b022021-12-21 10:22:18.444root 11241100x8000000000000000335315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3179cc02942d72c2021-12-21 10:22:18.444root 11241100x8000000000000000335316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2349a39fd8ced2e32021-12-21 10:22:18.444root 11241100x8000000000000000335317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e75324f8c9e91f2021-12-21 10:22:18.444root 11241100x8000000000000000335318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a743c4a8a203afc52021-12-21 10:22:18.943root 11241100x8000000000000000335319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ef0ef0dcc601ed2021-12-21 10:22:18.943root 11241100x8000000000000000335320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e01bc4c0c873872021-12-21 10:22:18.943root 11241100x8000000000000000335321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f453b964d03c3562021-12-21 10:22:18.943root 11241100x8000000000000000335322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbb56cbafcbc6df2021-12-21 10:22:18.943root 11241100x8000000000000000335323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e557b0f3abd0582021-12-21 10:22:18.943root 11241100x8000000000000000335324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ba1e400ffd822d2021-12-21 10:22:18.943root 11241100x8000000000000000335325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ff58aaa82a7c902021-12-21 10:22:18.944root 11241100x8000000000000000335326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888892baabe973902021-12-21 10:22:18.944root 11241100x8000000000000000335327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be99a681f1e25382021-12-21 10:22:18.944root 11241100x8000000000000000335328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57ece33d4c8347c2021-12-21 10:22:18.944root 11241100x8000000000000000335329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b310a93adccd54c72021-12-21 10:22:18.944root 11241100x8000000000000000335330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58246f018f0318812021-12-21 10:22:19.443root 11241100x8000000000000000335331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f432294f50286ef32021-12-21 10:22:19.443root 11241100x8000000000000000335332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248889f37a6b231a2021-12-21 10:22:19.443root 11241100x8000000000000000335333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35077ca30b3248d2021-12-21 10:22:19.443root 11241100x8000000000000000335334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a3f4fbb59a805c2021-12-21 10:22:19.443root 11241100x8000000000000000335335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c1dde0b75282352021-12-21 10:22:19.443root 11241100x8000000000000000335336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63dd97eb07b57bc62021-12-21 10:22:19.443root 11241100x8000000000000000335337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad23d2368c8ee1b22021-12-21 10:22:19.443root 11241100x8000000000000000335338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c4ebd05504deef2021-12-21 10:22:19.443root 11241100x8000000000000000335339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc2af0bfc90aa962021-12-21 10:22:19.444root 11241100x8000000000000000335340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37ce4573b14d4052021-12-21 10:22:19.444root 11241100x8000000000000000335341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f646bd15f6bf2a82021-12-21 10:22:19.444root 11241100x8000000000000000335342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a587ccb7bed09f2021-12-21 10:22:19.943root 11241100x8000000000000000335343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffeff0a3a908b3c52021-12-21 10:22:19.943root 11241100x8000000000000000335344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76fe457aa8608862021-12-21 10:22:19.943root 11241100x8000000000000000335345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42135d47162a9022021-12-21 10:22:19.943root 11241100x8000000000000000335346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2794706dda09fc82021-12-21 10:22:19.943root 11241100x8000000000000000335347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e5d95b8956e3ba2021-12-21 10:22:19.943root 11241100x8000000000000000335348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce664c25b0d65ac2021-12-21 10:22:19.943root 11241100x8000000000000000335349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfce6a046a7aeb12021-12-21 10:22:19.943root 11241100x8000000000000000335350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae788ee07b8380232021-12-21 10:22:19.944root 11241100x8000000000000000335351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66aad4260821e982021-12-21 10:22:19.944root 11241100x8000000000000000335352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7397eaa0e7fcb512021-12-21 10:22:19.944root 11241100x8000000000000000335353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc4635935a62f7e2021-12-21 10:22:19.944root 11241100x8000000000000000335354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4621b253a59d1beb2021-12-21 10:22:20.443root 11241100x8000000000000000335355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede257b5efe89ff12021-12-21 10:22:20.443root 11241100x8000000000000000335356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f9d9a0e7e7940c2021-12-21 10:22:20.443root 11241100x8000000000000000335357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155766605825a9f12021-12-21 10:22:20.443root 11241100x8000000000000000335358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c35dcb18f3e5c02021-12-21 10:22:20.443root 11241100x8000000000000000335359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679aa3900cd28a392021-12-21 10:22:20.443root 11241100x8000000000000000335360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63706fdfda9e67af2021-12-21 10:22:20.443root 11241100x8000000000000000335361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0466cf35505842da2021-12-21 10:22:20.443root 11241100x8000000000000000335362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49d67823a5783452021-12-21 10:22:20.444root 11241100x8000000000000000335363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a143e7e6361effa2021-12-21 10:22:20.444root 11241100x8000000000000000335364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69473ed6109bcd272021-12-21 10:22:20.444root 11241100x8000000000000000335365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3197184f67c1cf12021-12-21 10:22:20.444root 11241100x8000000000000000335366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1499f27efad8fcec2021-12-21 10:22:20.943root 11241100x8000000000000000335367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b524c9b779d60b62021-12-21 10:22:20.943root 11241100x8000000000000000335368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6280e65f59985ee2021-12-21 10:22:20.943root 11241100x8000000000000000335369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863612f76225d0642021-12-21 10:22:20.943root 11241100x8000000000000000335370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55617a0012d488d2021-12-21 10:22:20.943root 11241100x8000000000000000335371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3ce94bd997e2de2021-12-21 10:22:20.943root 11241100x8000000000000000335372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9ab691449d2a452021-12-21 10:22:20.943root 11241100x8000000000000000335373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82df39545c5aa5122021-12-21 10:22:20.944root 11241100x8000000000000000335374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91fa5e751610b1f2021-12-21 10:22:20.944root 11241100x8000000000000000335375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48582eb92993dd8a2021-12-21 10:22:20.944root 11241100x8000000000000000335376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb9d691d6afefd92021-12-21 10:22:20.944root 11241100x8000000000000000335377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc42adff89ab32412021-12-21 10:22:20.944root 354300x8000000000000000335378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.136{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47002-false10.0.1.12-8000- 11241100x8000000000000000335379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e9a96d66d62a5b2021-12-21 10:22:21.443root 11241100x8000000000000000335380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698c0559b5e1d9ec2021-12-21 10:22:21.443root 11241100x8000000000000000335381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f324331143dddf2021-12-21 10:22:21.443root 11241100x8000000000000000335382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd78a81c12700a682021-12-21 10:22:21.443root 11241100x8000000000000000335383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f71a448f99e47b2021-12-21 10:22:21.443root 11241100x8000000000000000335384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cffa671cddec902021-12-21 10:22:21.443root 11241100x8000000000000000335385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be5d2e9e15cdf8b2021-12-21 10:22:21.443root 11241100x8000000000000000335386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e9ab85fb8705172021-12-21 10:22:21.443root 11241100x8000000000000000335387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9f1f2bcb523c8d2021-12-21 10:22:21.444root 11241100x8000000000000000335388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b967e04f2ba5137a2021-12-21 10:22:21.444root 11241100x8000000000000000335389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5714b04f8e522662021-12-21 10:22:21.444root 11241100x8000000000000000335390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da668913682773862021-12-21 10:22:21.444root 11241100x8000000000000000335391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fcf97c61a265262021-12-21 10:22:21.444root 11241100x8000000000000000335392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1753a1a48c9e77bc2021-12-21 10:22:21.943root 11241100x8000000000000000335393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf27f468050974c2021-12-21 10:22:21.943root 11241100x8000000000000000335394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05141fe3d0778c0d2021-12-21 10:22:21.943root 11241100x8000000000000000335395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534054ad30c8ad962021-12-21 10:22:21.943root 11241100x8000000000000000335396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c78186d2c7f14b02021-12-21 10:22:21.943root 11241100x8000000000000000335397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bb3831c0adb9982021-12-21 10:22:21.943root 11241100x8000000000000000335398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2745d632e4b57e42021-12-21 10:22:21.943root 11241100x8000000000000000335399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302a90e9b032a79f2021-12-21 10:22:21.943root 11241100x8000000000000000335400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5964ddab7d61483e2021-12-21 10:22:21.944root 11241100x8000000000000000335401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2188b447705ad5452021-12-21 10:22:21.944root 11241100x8000000000000000335402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dce5e740e4b39012021-12-21 10:22:21.944root 11241100x8000000000000000335403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2951fe8dad415ed2021-12-21 10:22:21.944root 11241100x8000000000000000335404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73936e8d8a55f1742021-12-21 10:22:21.944root 11241100x8000000000000000335405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a2aa801c8c3a0c2021-12-21 10:22:22.443root 11241100x8000000000000000335406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5f5bbf8f11b1772021-12-21 10:22:22.443root 11241100x8000000000000000335407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5edc77885f76a0c2021-12-21 10:22:22.443root 11241100x8000000000000000335408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fd25cc2a2e88f42021-12-21 10:22:22.443root 11241100x8000000000000000335409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e0aa1e55bdef452021-12-21 10:22:22.443root 11241100x8000000000000000335410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b34ac8dbd57a6e92021-12-21 10:22:22.443root 11241100x8000000000000000335411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2a9fca9591d0eb2021-12-21 10:22:22.443root 11241100x8000000000000000335412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e3d6b94a9f30ce2021-12-21 10:22:22.443root 11241100x8000000000000000335413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b05401480e17042021-12-21 10:22:22.444root 11241100x8000000000000000335414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ecdd37cc6ef1522021-12-21 10:22:22.444root 11241100x8000000000000000335415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e88de3f8d5f3c22021-12-21 10:22:22.444root 11241100x8000000000000000335416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fb8f307a0cd9272021-12-21 10:22:22.444root 11241100x8000000000000000335417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e49194dd9d3f2b22021-12-21 10:22:22.444root 11241100x8000000000000000335418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9596eaea0ccfa82021-12-21 10:22:22.942root 11241100x8000000000000000335419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b8331827bbb7232021-12-21 10:22:22.943root 11241100x8000000000000000335420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907815e44523649b2021-12-21 10:22:22.943root 11241100x8000000000000000335421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77112ad11a38f93b2021-12-21 10:22:22.943root 11241100x8000000000000000335422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3631799423dce32021-12-21 10:22:22.943root 11241100x8000000000000000335423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006c9a49cb0c6f522021-12-21 10:22:22.944root 11241100x8000000000000000335424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6507aa1440a8022021-12-21 10:22:22.944root 11241100x8000000000000000335425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32b6e0378cc21bd2021-12-21 10:22:22.944root 11241100x8000000000000000335426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c63b2d7243dd8f2021-12-21 10:22:22.944root 11241100x8000000000000000335427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b566801b3bf083112021-12-21 10:22:22.945root 11241100x8000000000000000335428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc44fe53d305a572021-12-21 10:22:22.945root 11241100x8000000000000000335429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26caab3700f020e42021-12-21 10:22:22.945root 11241100x8000000000000000335430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0803719b26294e2021-12-21 10:22:22.945root 11241100x8000000000000000335431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9bea045ec462232021-12-21 10:22:22.945root 11241100x8000000000000000335432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae73407e5e152e652021-12-21 10:22:22.945root 11241100x8000000000000000335433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb06d5ef612b3e632021-12-21 10:22:22.945root 11241100x8000000000000000335434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dda773ae2991b52021-12-21 10:22:22.945root 11241100x8000000000000000335435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a64cbcf1d5ab3d2021-12-21 10:22:22.945root 11241100x8000000000000000335436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1f80cc8c02c1802021-12-21 10:22:23.443root 11241100x8000000000000000335437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de009bc13a7debd2021-12-21 10:22:23.443root 11241100x8000000000000000335438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765e94afd33b9fa52021-12-21 10:22:23.443root 11241100x8000000000000000335439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323c047cbdbb9c992021-12-21 10:22:23.444root 11241100x8000000000000000335440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165917946ee2dbb62021-12-21 10:22:23.444root 11241100x8000000000000000335441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2669bd7750b9d52021-12-21 10:22:23.444root 11241100x8000000000000000335442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75afcecd2b55f6a72021-12-21 10:22:23.444root 11241100x8000000000000000335443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e22432276ced01a2021-12-21 10:22:23.444root 11241100x8000000000000000335444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f5882ecb0d4fc12021-12-21 10:22:23.444root 11241100x8000000000000000335445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15e5a2a5265d8682021-12-21 10:22:23.444root 11241100x8000000000000000335446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7cce17a77df8e42021-12-21 10:22:23.444root 11241100x8000000000000000335447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cc46d3ee0269ed2021-12-21 10:22:23.444root 11241100x8000000000000000335448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a968df07684d80442021-12-21 10:22:23.445root 11241100x8000000000000000335449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1c0f3dddd079d32021-12-21 10:22:23.943root 11241100x8000000000000000335450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cbf4ac9917b2a72021-12-21 10:22:23.943root 11241100x8000000000000000335451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f323d8d2a88eb82021-12-21 10:22:23.943root 11241100x8000000000000000335452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04ec3c7c915e8292021-12-21 10:22:23.943root 11241100x8000000000000000335453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05760c26a47471bf2021-12-21 10:22:23.944root 11241100x8000000000000000335454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7de4df320bd6912021-12-21 10:22:23.944root 11241100x8000000000000000335455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15de68d21fd4c8cc2021-12-21 10:22:23.944root 11241100x8000000000000000335456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3502318b4ccf3c582021-12-21 10:22:23.944root 11241100x8000000000000000335457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bed45fcfad3dc052021-12-21 10:22:23.944root 11241100x8000000000000000335458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62caadca307b86ac2021-12-21 10:22:23.944root 11241100x8000000000000000335459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2490b8d51064117d2021-12-21 10:22:23.944root 11241100x8000000000000000335460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f205edd5cd8e88ab2021-12-21 10:22:23.944root 11241100x8000000000000000335461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa7ac34c5eee6b92021-12-21 10:22:23.944root 11241100x8000000000000000335462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15b98d5cf95ab512021-12-21 10:22:24.443root 11241100x8000000000000000335463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da311748b061d6c2021-12-21 10:22:24.443root 11241100x8000000000000000335464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ff73ed99aa71232021-12-21 10:22:24.443root 11241100x8000000000000000335465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35f9f31d86449312021-12-21 10:22:24.443root 11241100x8000000000000000335466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03103116c4411b92021-12-21 10:22:24.443root 11241100x8000000000000000335467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c88872057d1abd2021-12-21 10:22:24.443root 11241100x8000000000000000335468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d626c0575871dc2f2021-12-21 10:22:24.443root 11241100x8000000000000000335469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1db5af461536f32021-12-21 10:22:24.444root 11241100x8000000000000000335470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5132d92b43231a2021-12-21 10:22:24.444root 11241100x8000000000000000335471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9fa3d045478ddb2021-12-21 10:22:24.444root 11241100x8000000000000000335472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92547220e0ea11a2021-12-21 10:22:24.444root 11241100x8000000000000000335473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267c6360a8bc218e2021-12-21 10:22:24.444root 11241100x8000000000000000335474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946041f5a0e56f712021-12-21 10:22:24.444root 11241100x8000000000000000335475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb39e2662032cba32021-12-21 10:22:24.943root 11241100x8000000000000000335476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b904e9ce2ebd19e2021-12-21 10:22:24.943root 11241100x8000000000000000335477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7beab05607de0da12021-12-21 10:22:24.943root 11241100x8000000000000000335478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36642b2050ace5d2021-12-21 10:22:24.943root 11241100x8000000000000000335479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d389b93f4fc5af7c2021-12-21 10:22:24.943root 11241100x8000000000000000335480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f6719ee5f496d12021-12-21 10:22:24.944root 11241100x8000000000000000335481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1ce9e4369658292021-12-21 10:22:24.944root 11241100x8000000000000000335482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b5b664e23685662021-12-21 10:22:24.944root 11241100x8000000000000000335483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da9b29beeac6c242021-12-21 10:22:24.944root 11241100x8000000000000000335484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bc72a6d0f746962021-12-21 10:22:24.944root 11241100x8000000000000000335485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b6c4c2a9f0ddb22021-12-21 10:22:24.944root 11241100x8000000000000000335486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a94a2a0b70e8392021-12-21 10:22:24.944root 11241100x8000000000000000335487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0192e832c966bd2021-12-21 10:22:24.945root 354300x8000000000000000335488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.076{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34068-false10.0.1.12-8089- 11241100x8000000000000000335489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b1033bbc04bb372021-12-21 10:22:25.443root 11241100x8000000000000000335490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962044bd819d1ffc2021-12-21 10:22:25.443root 11241100x8000000000000000335491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54460e25dd693d672021-12-21 10:22:25.443root 11241100x8000000000000000335492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0b953ad2b426232021-12-21 10:22:25.443root 11241100x8000000000000000335493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671e4eded1d93aab2021-12-21 10:22:25.443root 11241100x8000000000000000335494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9421cb70f8b19d3c2021-12-21 10:22:25.443root 11241100x8000000000000000335495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e85166c50c198282021-12-21 10:22:25.443root 11241100x8000000000000000335496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7d210bbb40dd672021-12-21 10:22:25.444root 11241100x8000000000000000335497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2977651b87bcbf12021-12-21 10:22:25.444root 11241100x8000000000000000335498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f6a1a0e7f924192021-12-21 10:22:25.444root 11241100x8000000000000000335499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2241157b83af3982021-12-21 10:22:25.444root 11241100x8000000000000000335500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50d0b3cf0a05e982021-12-21 10:22:25.444root 11241100x8000000000000000335501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee68c77b7bf96b72021-12-21 10:22:25.444root 11241100x8000000000000000335502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae1c1b8e28479db2021-12-21 10:22:25.444root 11241100x8000000000000000335503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e44f8a0114c40db2021-12-21 10:22:25.943root 11241100x8000000000000000335504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079e997c4a9a05c12021-12-21 10:22:25.943root 11241100x8000000000000000335505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d5e8f13540f8132021-12-21 10:22:25.943root 11241100x8000000000000000335506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796222041f87581a2021-12-21 10:22:25.943root 11241100x8000000000000000335507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e5494aae6699532021-12-21 10:22:25.943root 11241100x8000000000000000335508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c0a3eccf26fcab2021-12-21 10:22:25.943root 11241100x8000000000000000335509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c56a8489f8865de2021-12-21 10:22:25.944root 11241100x8000000000000000335510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412e49ab7fc90c282021-12-21 10:22:25.944root 11241100x8000000000000000335511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56070b7cec610a42021-12-21 10:22:25.944root 11241100x8000000000000000335512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9ed5d6d27541c52021-12-21 10:22:25.944root 11241100x8000000000000000335513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a75b576a87edf732021-12-21 10:22:25.944root 11241100x8000000000000000335514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb54dd619e379742021-12-21 10:22:25.944root 11241100x8000000000000000335515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade7587ac919ca732021-12-21 10:22:25.944root 11241100x8000000000000000335516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c112841f0a048c2021-12-21 10:22:25.944root 11241100x8000000000000000335517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca35dc126d66cf8f2021-12-21 10:22:26.443root 11241100x8000000000000000335518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad383adba44741ff2021-12-21 10:22:26.443root 11241100x8000000000000000335519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbaa87ad08022062021-12-21 10:22:26.443root 11241100x8000000000000000335520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d23a6aba51a8ef2021-12-21 10:22:26.444root 11241100x8000000000000000335521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b9db813e8de4ba2021-12-21 10:22:26.444root 11241100x8000000000000000335522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9306195f74463e4c2021-12-21 10:22:26.444root 11241100x8000000000000000335523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80509fd8938cbb0c2021-12-21 10:22:26.444root 11241100x8000000000000000335524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a801a5a120f3b0932021-12-21 10:22:26.444root 11241100x8000000000000000335525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3294279418b2aa782021-12-21 10:22:26.444root 11241100x8000000000000000335526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9791383f6c4323cf2021-12-21 10:22:26.444root 11241100x8000000000000000335527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f7dde873f6a9542021-12-21 10:22:26.444root 11241100x8000000000000000335528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150f6d12583844132021-12-21 10:22:26.445root 11241100x8000000000000000335529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51bff928a0cce072021-12-21 10:22:26.445root 11241100x8000000000000000335530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375ab629a734ecdf2021-12-21 10:22:26.445root 11241100x8000000000000000335531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9dfb271b99d4902021-12-21 10:22:26.943root 11241100x8000000000000000335532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58bebe105bf8d242021-12-21 10:22:26.943root 11241100x8000000000000000335533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af458a97302f4762021-12-21 10:22:26.943root 11241100x8000000000000000335534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fff824257a6e8b2021-12-21 10:22:26.943root 11241100x8000000000000000335535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60211f5089fc2b82021-12-21 10:22:26.943root 11241100x8000000000000000335536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10068ba947f12982021-12-21 10:22:26.944root 11241100x8000000000000000335537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713f719ce51e36222021-12-21 10:22:26.944root 11241100x8000000000000000335538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13076b04f916219e2021-12-21 10:22:26.944root 11241100x8000000000000000335539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68637071511c86c62021-12-21 10:22:26.944root 11241100x8000000000000000335540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e33712bb5bccfb2021-12-21 10:22:26.944root 11241100x8000000000000000335541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1258e729fe7c7e492021-12-21 10:22:26.944root 11241100x8000000000000000335542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fabeb9e74a4f692021-12-21 10:22:26.944root 11241100x8000000000000000335543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18849aacccfde89a2021-12-21 10:22:26.944root 11241100x8000000000000000335544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e174cac6263ae1342021-12-21 10:22:26.944root 354300x8000000000000000335545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.048{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47006-false10.0.1.12-8000- 11241100x8000000000000000335546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f88b541028211542021-12-21 10:22:27.443root 11241100x8000000000000000335547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7749b05eefb976562021-12-21 10:22:27.443root 11241100x8000000000000000335548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8825cc65de8634702021-12-21 10:22:27.443root 11241100x8000000000000000335549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0391fd81531961a32021-12-21 10:22:27.443root 11241100x8000000000000000335550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831359f59728b1d82021-12-21 10:22:27.443root 11241100x8000000000000000335551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cae096566f43a922021-12-21 10:22:27.444root 11241100x8000000000000000335552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4539b1a8976b918e2021-12-21 10:22:27.444root 11241100x8000000000000000335553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5982cd68aa7a1a82021-12-21 10:22:27.444root 11241100x8000000000000000335554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8677133db5a54eaf2021-12-21 10:22:27.444root 11241100x8000000000000000335555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc38dc27561760602021-12-21 10:22:27.444root 11241100x8000000000000000335556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402a3e531410781c2021-12-21 10:22:27.444root 11241100x8000000000000000335557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a97b8636ab89132021-12-21 10:22:27.444root 11241100x8000000000000000335558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375fc8009ac9b1e92021-12-21 10:22:27.444root 11241100x8000000000000000335559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de238dc7d372f5d12021-12-21 10:22:27.444root 11241100x8000000000000000335560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5476f036714765422021-12-21 10:22:27.444root 11241100x8000000000000000335561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b402aeb008d9e512021-12-21 10:22:27.943root 11241100x8000000000000000335562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47aa391cc58e2a4c2021-12-21 10:22:27.943root 11241100x8000000000000000335563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c62d3b3ecb9a7d2021-12-21 10:22:27.943root 11241100x8000000000000000335564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fae2864c810b942021-12-21 10:22:27.943root 11241100x8000000000000000335565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26f239f23c3d1b92021-12-21 10:22:27.943root 11241100x8000000000000000335566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2bd4bfec922ebe2021-12-21 10:22:27.943root 11241100x8000000000000000335567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70967d3d0aeac0f02021-12-21 10:22:27.943root 11241100x8000000000000000335568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab9d993488fbebd2021-12-21 10:22:27.944root 11241100x8000000000000000335569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2225746268c1b60d2021-12-21 10:22:27.944root 11241100x8000000000000000335570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8356be79991d252021-12-21 10:22:27.944root 11241100x8000000000000000335571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46339ba35a2f6d222021-12-21 10:22:27.944root 11241100x8000000000000000335572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e680c10c9de657e2021-12-21 10:22:27.944root 11241100x8000000000000000335573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99646865d44e6f872021-12-21 10:22:27.944root 11241100x8000000000000000335574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6de34cc64cffed42021-12-21 10:22:27.944root 11241100x8000000000000000335575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4a52f860284d6f2021-12-21 10:22:27.944root 11241100x8000000000000000335576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe7ff41b9a7a2262021-12-21 10:22:28.443root 11241100x8000000000000000335577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f10602374ef25dd2021-12-21 10:22:28.443root 11241100x8000000000000000335578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f20d83eab8a59d2021-12-21 10:22:28.443root 11241100x8000000000000000335579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5712d4310d2237c32021-12-21 10:22:28.443root 11241100x8000000000000000335580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0fb50f6ad0da4e2021-12-21 10:22:28.443root 11241100x8000000000000000335581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ed9398f49467e02021-12-21 10:22:28.443root 11241100x8000000000000000335582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9fa0ac8ff2b3e92021-12-21 10:22:28.444root 11241100x8000000000000000335583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99b4229213838542021-12-21 10:22:28.444root 11241100x8000000000000000335584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fb5ecda075d7292021-12-21 10:22:28.444root 11241100x8000000000000000335585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6205d7b77c1484d2021-12-21 10:22:28.444root 11241100x8000000000000000335586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b429c592bb3b8a12021-12-21 10:22:28.444root 11241100x8000000000000000335587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b7eb7119c13efd2021-12-21 10:22:28.444root 11241100x8000000000000000335588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d929cdb6155f1c982021-12-21 10:22:28.444root 11241100x8000000000000000335589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e434c427e6b9372021-12-21 10:22:28.444root 11241100x8000000000000000335590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fe0124fcbf96832021-12-21 10:22:28.444root 11241100x8000000000000000335591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9770244e7b5abe2021-12-21 10:22:28.943root 11241100x8000000000000000335592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cab76c3b90e9c7b2021-12-21 10:22:28.943root 11241100x8000000000000000335593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070c530024f7f29d2021-12-21 10:22:28.943root 11241100x8000000000000000335594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78490a38fc7d329c2021-12-21 10:22:28.943root 11241100x8000000000000000335595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9dd5d328d1eb382021-12-21 10:22:28.943root 11241100x8000000000000000335596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8c25e11a1f28252021-12-21 10:22:28.943root 11241100x8000000000000000335597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d0df28d01f38702021-12-21 10:22:28.944root 11241100x8000000000000000335598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ff503b984584b82021-12-21 10:22:28.944root 11241100x8000000000000000335599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff30859283c2c0372021-12-21 10:22:28.944root 11241100x8000000000000000335600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe50da8fbfbc5842021-12-21 10:22:28.944root 11241100x8000000000000000335601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d859ad5ca0b9bebc2021-12-21 10:22:28.944root 11241100x8000000000000000335602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008e73a9ac99fd992021-12-21 10:22:28.944root 11241100x8000000000000000335603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792ce953067c8a622021-12-21 10:22:28.944root 11241100x8000000000000000335604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35df62854af7deac2021-12-21 10:22:28.944root 11241100x8000000000000000335605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4742fdbb29f52d2021-12-21 10:22:28.944root 11241100x8000000000000000335606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f662ab5d70857f82021-12-21 10:22:29.443root 11241100x8000000000000000335607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a01ee85b62aba12021-12-21 10:22:29.443root 11241100x8000000000000000335608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12b2ac26117864e2021-12-21 10:22:29.443root 11241100x8000000000000000335609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600d0409dd6fa2e62021-12-21 10:22:29.443root 11241100x8000000000000000335610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0533b7f180962e952021-12-21 10:22:29.443root 11241100x8000000000000000335611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20de7a714edc5f1f2021-12-21 10:22:29.444root 11241100x8000000000000000335612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54376e8fb2dd43d02021-12-21 10:22:29.444root 11241100x8000000000000000335613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c43e3b0c3948f02021-12-21 10:22:29.444root 11241100x8000000000000000335614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bb4a315d9da15e2021-12-21 10:22:29.444root 11241100x8000000000000000335615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0800ec055eb91ac32021-12-21 10:22:29.444root 11241100x8000000000000000335616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5afd8a2106b3b382021-12-21 10:22:29.444root 11241100x8000000000000000335617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29a93783564a8fb2021-12-21 10:22:29.444root 11241100x8000000000000000335618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56d469c431500e92021-12-21 10:22:29.444root 11241100x8000000000000000335619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18949c116fd199d92021-12-21 10:22:29.444root 11241100x8000000000000000335620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e5ac49b76bc9e92021-12-21 10:22:29.444root 11241100x8000000000000000335621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9298516831edf852021-12-21 10:22:29.943root 11241100x8000000000000000335622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04693ff7710d9ec42021-12-21 10:22:29.943root 11241100x8000000000000000335623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b13090accf43e42021-12-21 10:22:29.943root 11241100x8000000000000000335624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e608c10f33e74f2021-12-21 10:22:29.943root 11241100x8000000000000000335625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d81b4da6ffc3152021-12-21 10:22:29.943root 11241100x8000000000000000335626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3565c2c7e7e338cd2021-12-21 10:22:29.944root 11241100x8000000000000000335627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd219a81e4f039cb2021-12-21 10:22:29.944root 11241100x8000000000000000335628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d2517f8171c8282021-12-21 10:22:29.944root 11241100x8000000000000000335629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94483703498bafd2021-12-21 10:22:29.944root 11241100x8000000000000000335630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528d3576271557052021-12-21 10:22:29.945root 11241100x8000000000000000335631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2981d91c8a3ad1df2021-12-21 10:22:29.945root 11241100x8000000000000000335632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466c0903f6c633492021-12-21 10:22:29.945root 11241100x8000000000000000335633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d4a4ba43cfb9242021-12-21 10:22:29.945root 11241100x8000000000000000335634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbb0662884989892021-12-21 10:22:29.945root 11241100x8000000000000000335635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db43454c292d724b2021-12-21 10:22:29.945root 11241100x8000000000000000335636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b36313f4ce50962021-12-21 10:22:30.443root 11241100x8000000000000000335637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afbe577114807432021-12-21 10:22:30.443root 11241100x8000000000000000335638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23cffe4502c35502021-12-21 10:22:30.443root 11241100x8000000000000000335639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d84b5b06529f182021-12-21 10:22:30.443root 11241100x8000000000000000335640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5f2c623bf553542021-12-21 10:22:30.443root 11241100x8000000000000000335641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c3f563e85e346c2021-12-21 10:22:30.443root 11241100x8000000000000000335642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4d35e0bdd927452021-12-21 10:22:30.443root 11241100x8000000000000000335643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70e8e07dc03beb82021-12-21 10:22:30.444root 11241100x8000000000000000335644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065c593e32d75e402021-12-21 10:22:30.444root 11241100x8000000000000000335645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd929e92840a20eb2021-12-21 10:22:30.444root 11241100x8000000000000000335646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374245c8dffef52f2021-12-21 10:22:30.444root 11241100x8000000000000000335647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8eeb95577717d22021-12-21 10:22:30.444root 11241100x8000000000000000335648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11ed5a4ec3a85952021-12-21 10:22:30.444root 11241100x8000000000000000335649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d6b09b5acb60012021-12-21 10:22:30.444root 11241100x8000000000000000335650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbe37fc3dcc0d972021-12-21 10:22:30.444root 11241100x8000000000000000335651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a0b9d5391828bf2021-12-21 10:22:30.943root 11241100x8000000000000000335652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245277fa8ae9d1b12021-12-21 10:22:30.943root 11241100x8000000000000000335653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64704641764f58c92021-12-21 10:22:30.943root 11241100x8000000000000000335654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d9b6c1326ac6b32021-12-21 10:22:30.943root 11241100x8000000000000000335655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1479ab72ebcb6a42021-12-21 10:22:30.943root 11241100x8000000000000000335656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e21087beab3de6f2021-12-21 10:22:30.943root 11241100x8000000000000000335657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1590ecc33d3bffa2021-12-21 10:22:30.943root 11241100x8000000000000000335658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae021d71ace84462021-12-21 10:22:30.943root 11241100x8000000000000000335659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77e267f471c6f1d2021-12-21 10:22:30.944root 11241100x8000000000000000335660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755d83185135cd6d2021-12-21 10:22:30.944root 11241100x8000000000000000335661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b751cdd94cb7c602021-12-21 10:22:30.944root 11241100x8000000000000000335662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af254ffa1ca79bba2021-12-21 10:22:30.944root 11241100x8000000000000000335663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513994569ebb91632021-12-21 10:22:30.944root 11241100x8000000000000000335664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56c34a346c99c8c2021-12-21 10:22:30.944root 11241100x8000000000000000335665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4852cb012cadd662021-12-21 10:22:30.944root 11241100x8000000000000000335666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9a09ed7dec1ddb2021-12-21 10:22:31.443root 11241100x8000000000000000335667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff66c469cd5dc4b2021-12-21 10:22:31.443root 11241100x8000000000000000335668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93aaec61a26cfd22021-12-21 10:22:31.444root 11241100x8000000000000000335669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88860ba61716aa672021-12-21 10:22:31.444root 11241100x8000000000000000335670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da48e0f1ca23ba92021-12-21 10:22:31.444root 11241100x8000000000000000335671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f99d4d66f800f52021-12-21 10:22:31.445root 11241100x8000000000000000335672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591aebeb7f5da93a2021-12-21 10:22:31.445root 11241100x8000000000000000335673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85b62842b155c1e2021-12-21 10:22:31.445root 11241100x8000000000000000335674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5707fe59c7675a82021-12-21 10:22:31.445root 11241100x8000000000000000335675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f410ae663d280fe42021-12-21 10:22:31.445root 11241100x8000000000000000335676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b0b36dbec182c32021-12-21 10:22:31.445root 11241100x8000000000000000335677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecfab2b5f0b50dd2021-12-21 10:22:31.446root 11241100x8000000000000000335678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abb8ab3ff3bb3a32021-12-21 10:22:31.446root 11241100x8000000000000000335679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2799cb47e7bce29b2021-12-21 10:22:31.446root 11241100x8000000000000000335680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0165768209cc0ee2021-12-21 10:22:31.446root 11241100x8000000000000000335681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b778369b8c1313f2021-12-21 10:22:31.943root 11241100x8000000000000000335682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc9da189f79ac4d2021-12-21 10:22:31.943root 11241100x8000000000000000335683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f431ce41f564d96c2021-12-21 10:22:31.943root 11241100x8000000000000000335684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf034b90ec8a44c2021-12-21 10:22:31.943root 11241100x8000000000000000335685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5859624d67237932021-12-21 10:22:31.943root 11241100x8000000000000000335686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2040d5c3a3767d6f2021-12-21 10:22:31.943root 11241100x8000000000000000335687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c7ce6b36ab2ac62021-12-21 10:22:31.943root 11241100x8000000000000000335688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad806f2614873cb2021-12-21 10:22:31.943root 11241100x8000000000000000335689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceea7d155958b3fc2021-12-21 10:22:31.944root 11241100x8000000000000000335690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcddfcb2cf6958132021-12-21 10:22:31.944root 11241100x8000000000000000335691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207e90867be6d5b02021-12-21 10:22:31.944root 11241100x8000000000000000335692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1568b185685d5ff32021-12-21 10:22:31.944root 11241100x8000000000000000335693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a686b094de976302021-12-21 10:22:31.944root 11241100x8000000000000000335694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f61a921d0959982021-12-21 10:22:31.944root 11241100x8000000000000000335695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac44d500e00404e02021-12-21 10:22:31.944root 11241100x8000000000000000335696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50eea1ef5e3384d22021-12-21 10:22:32.443root 11241100x8000000000000000335697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83efbe8ff601926e2021-12-21 10:22:32.443root 11241100x8000000000000000335698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978a717f6d6784e42021-12-21 10:22:32.443root 11241100x8000000000000000335699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6a5af1cdc5658d2021-12-21 10:22:32.443root 11241100x8000000000000000335700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228896f332eeeb712021-12-21 10:22:32.443root 11241100x8000000000000000335701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca15acf1355058e22021-12-21 10:22:32.443root 11241100x8000000000000000335702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d846509a5d409be72021-12-21 10:22:32.443root 11241100x8000000000000000335703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2f4fc21d87edcf2021-12-21 10:22:32.444root 11241100x8000000000000000335704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53896646f4d85352021-12-21 10:22:32.444root 11241100x8000000000000000335705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa62d069e3e56dbd2021-12-21 10:22:32.444root 11241100x8000000000000000335706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581c0630edfb77162021-12-21 10:22:32.444root 11241100x8000000000000000335707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae7d9ddac0692af2021-12-21 10:22:32.444root 11241100x8000000000000000335708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f11079104aa0f42021-12-21 10:22:32.444root 11241100x8000000000000000335709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97e5e8b06b750092021-12-21 10:22:32.444root 11241100x8000000000000000335710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5806edb7a671aa2021-12-21 10:22:32.444root 11241100x8000000000000000335711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bbf487b9c8063b2021-12-21 10:22:32.943root 11241100x8000000000000000335712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0d72360a9ad9c72021-12-21 10:22:32.943root 11241100x8000000000000000335713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9560272f2f515252021-12-21 10:22:32.943root 11241100x8000000000000000335714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82379402cc8248db2021-12-21 10:22:32.943root 11241100x8000000000000000335715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c720d5eb91d490292021-12-21 10:22:32.943root 11241100x8000000000000000335716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a5db7abbcfd64d2021-12-21 10:22:32.943root 11241100x8000000000000000335717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b15cd375d81c8d2021-12-21 10:22:32.944root 11241100x8000000000000000335718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f008844dbd9b3a352021-12-21 10:22:32.944root 11241100x8000000000000000335719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba7f9656d9a5adc2021-12-21 10:22:32.944root 11241100x8000000000000000335720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb085c0543eece202021-12-21 10:22:32.944root 11241100x8000000000000000335721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab24040b8d63fe22021-12-21 10:22:32.944root 11241100x8000000000000000335722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56415224f76e80d22021-12-21 10:22:32.944root 11241100x8000000000000000335723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3ba7c0249a9fe92021-12-21 10:22:32.944root 11241100x8000000000000000335724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b3c7712361a3012021-12-21 10:22:32.944root 11241100x8000000000000000335725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766b70e1bc6d373a2021-12-21 10:22:32.944root 354300x8000000000000000335726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.016{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47008-false10.0.1.12-8000- 11241100x8000000000000000335727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ac4811eb8335cb2021-12-21 10:22:33.443root 11241100x8000000000000000335728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20682997866d66692021-12-21 10:22:33.443root 11241100x8000000000000000335729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82c16f28f19e5cc2021-12-21 10:22:33.444root 11241100x8000000000000000335730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ed53dbf28365dc2021-12-21 10:22:33.444root 11241100x8000000000000000335731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee9f15785289ebf2021-12-21 10:22:33.444root 11241100x8000000000000000335732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4151d77fe6ff1f92021-12-21 10:22:33.445root 11241100x8000000000000000335733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045e9eb5296723252021-12-21 10:22:33.445root 11241100x8000000000000000335734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669490fcb82bb3742021-12-21 10:22:33.445root 11241100x8000000000000000335735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8e99f4ca72745d2021-12-21 10:22:33.445root 11241100x8000000000000000335736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f6ec13e175391a2021-12-21 10:22:33.445root 11241100x8000000000000000335737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454cc4d3f0b595d72021-12-21 10:22:33.445root 11241100x8000000000000000335738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db89139ec3af128d2021-12-21 10:22:33.445root 11241100x8000000000000000335739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e98ab76d7928852021-12-21 10:22:33.445root 11241100x8000000000000000335740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c102f1e88690d42021-12-21 10:22:33.445root 11241100x8000000000000000335741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54ae220363ec5952021-12-21 10:22:33.445root 11241100x8000000000000000335742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a056a1a8cab7922021-12-21 10:22:33.446root 11241100x8000000000000000335743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7bbeb237da1f642021-12-21 10:22:33.943root 11241100x8000000000000000335744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c980aa469a342e2021-12-21 10:22:33.943root 11241100x8000000000000000335745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a37b1c4c34bf062021-12-21 10:22:33.943root 11241100x8000000000000000335746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a951c2fc251b7e2021-12-21 10:22:33.943root 11241100x8000000000000000335747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd86ee4bc8d551052021-12-21 10:22:33.943root 11241100x8000000000000000335748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedefd02848419692021-12-21 10:22:33.943root 11241100x8000000000000000335749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8d502ef4717d2f2021-12-21 10:22:33.944root 11241100x8000000000000000335750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5e9eb466e694782021-12-21 10:22:33.944root 11241100x8000000000000000335751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b36a931c912e142021-12-21 10:22:33.944root 11241100x8000000000000000335752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d7ced154b11a102021-12-21 10:22:33.944root 11241100x8000000000000000335753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e98dbf6d26f0752021-12-21 10:22:33.944root 11241100x8000000000000000335754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44d518b8b5b039c2021-12-21 10:22:33.944root 11241100x8000000000000000335755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51777f9a2b9e10422021-12-21 10:22:33.944root 11241100x8000000000000000335756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ed8b5ff477f8ab2021-12-21 10:22:33.944root 11241100x8000000000000000335757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b7727f4de4fbbf2021-12-21 10:22:33.944root 11241100x8000000000000000335758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c46a12460a2a0f2021-12-21 10:22:33.944root 11241100x8000000000000000335759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406aefeea0c04b672021-12-21 10:22:34.443root 11241100x8000000000000000335760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e143291b660e20b2021-12-21 10:22:34.443root 11241100x8000000000000000335761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6a05cdaf56395f2021-12-21 10:22:34.443root 11241100x8000000000000000335762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9a5601edb7f8292021-12-21 10:22:34.443root 11241100x8000000000000000335763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c51ab131f397692021-12-21 10:22:34.444root 11241100x8000000000000000335764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864cfa9318955d3b2021-12-21 10:22:34.444root 11241100x8000000000000000335765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eed1e3f0fd74f2c2021-12-21 10:22:34.444root 11241100x8000000000000000335766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a794bce116038b2021-12-21 10:22:34.444root 11241100x8000000000000000335767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134dc69c68d90e2e2021-12-21 10:22:34.444root 11241100x8000000000000000335768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e114f91502c8c1132021-12-21 10:22:34.444root 11241100x8000000000000000335769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f0896082c73bcb2021-12-21 10:22:34.444root 11241100x8000000000000000335770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48b8c435bc0fe282021-12-21 10:22:34.444root 11241100x8000000000000000335771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e06d4ca0b2eb02c2021-12-21 10:22:34.444root 11241100x8000000000000000335772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869ac183abd1c8262021-12-21 10:22:34.444root 11241100x8000000000000000335773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe55cc7c351eb1c2021-12-21 10:22:34.445root 11241100x8000000000000000335774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb8ab84267834fb2021-12-21 10:22:34.445root 11241100x8000000000000000335775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7266d702a6a85d032021-12-21 10:22:34.943root 11241100x8000000000000000335776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ed536ade6bb04c2021-12-21 10:22:34.943root 11241100x8000000000000000335777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2ba245d6d1d0982021-12-21 10:22:34.943root 11241100x8000000000000000335778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c04485347c9d5422021-12-21 10:22:34.944root 11241100x8000000000000000335779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f20178cba3328c2021-12-21 10:22:34.944root 11241100x8000000000000000335780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46c31843b1113fd2021-12-21 10:22:34.944root 11241100x8000000000000000335781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b83b106596c1ed2021-12-21 10:22:34.944root 11241100x8000000000000000335782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec16d964d3766522021-12-21 10:22:34.944root 11241100x8000000000000000335783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2e9d7b0c9f7e832021-12-21 10:22:34.944root 11241100x8000000000000000335784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015adda349bf358d2021-12-21 10:22:34.944root 11241100x8000000000000000335785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa107b9c7af376d2021-12-21 10:22:34.944root 11241100x8000000000000000335786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338f62525bf2c1a42021-12-21 10:22:34.944root 11241100x8000000000000000335787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041b59ea959040792021-12-21 10:22:34.945root 11241100x8000000000000000335788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59b8b6ded51238a2021-12-21 10:22:34.945root 11241100x8000000000000000335789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486c227fa93283692021-12-21 10:22:34.945root 11241100x8000000000000000335790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed6006dfa5e21232021-12-21 10:22:34.945root 11241100x8000000000000000335791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad627c975a47ba22021-12-21 10:22:35.443root 11241100x8000000000000000335792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b3118eda44c7592021-12-21 10:22:35.443root 11241100x8000000000000000335793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8e0cfb676290012021-12-21 10:22:35.443root 11241100x8000000000000000335794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603ecadeb48a3d332021-12-21 10:22:35.443root 11241100x8000000000000000335795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2883a1dd12521a2021-12-21 10:22:35.444root 11241100x8000000000000000335796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7ac8b4ab9e19fd2021-12-21 10:22:35.444root 11241100x8000000000000000335797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff61db768bf17b222021-12-21 10:22:35.444root 11241100x8000000000000000335798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdd054432282fbd2021-12-21 10:22:35.444root 11241100x8000000000000000335799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1b61f17535fb3d2021-12-21 10:22:35.444root 11241100x8000000000000000335800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cace661d37ff362021-12-21 10:22:35.444root 11241100x8000000000000000335801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2ed9c6e16e0f9f2021-12-21 10:22:35.444root 11241100x8000000000000000335802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b7f9e5fe47365c2021-12-21 10:22:35.444root 11241100x8000000000000000335803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c6d847e23f01612021-12-21 10:22:35.444root 11241100x8000000000000000335804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc034335b1ca84f2021-12-21 10:22:35.445root 11241100x8000000000000000335805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228d157fc1e2deb52021-12-21 10:22:35.445root 11241100x8000000000000000335806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f833387833c7542021-12-21 10:22:35.445root 11241100x8000000000000000335807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68101d2c32fd6c92021-12-21 10:22:35.943root 11241100x8000000000000000335808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b34de5df5e7e6302021-12-21 10:22:35.943root 11241100x8000000000000000335809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f49d2ede4884a62021-12-21 10:22:35.943root 11241100x8000000000000000335810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e7a5b0542cbf432021-12-21 10:22:35.943root 11241100x8000000000000000335811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbecebd46047a562021-12-21 10:22:35.944root 11241100x8000000000000000335812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a25cc7664c55682021-12-21 10:22:35.944root 11241100x8000000000000000335813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656db4d1d84a47092021-12-21 10:22:35.944root 11241100x8000000000000000335814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ba7df3c20b6c152021-12-21 10:22:35.944root 11241100x8000000000000000335815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad333e55b914f9d42021-12-21 10:22:35.944root 11241100x8000000000000000335816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16a0bae592fae8a2021-12-21 10:22:35.944root 11241100x8000000000000000335817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c501ab3ebd25fdb52021-12-21 10:22:35.944root 11241100x8000000000000000335818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8902599d40d3a32021-12-21 10:22:35.944root 11241100x8000000000000000335819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b21fce7fc59e2fd2021-12-21 10:22:35.944root 11241100x8000000000000000335820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bfe491ace628602021-12-21 10:22:35.945root 11241100x8000000000000000335821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11b0c503854b1aa2021-12-21 10:22:35.945root 11241100x8000000000000000335822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97dc53c836a55c32021-12-21 10:22:35.945root 11241100x8000000000000000335823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7373781d751871a2021-12-21 10:22:36.443root 11241100x8000000000000000335824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28379df79a9a2f742021-12-21 10:22:36.443root 11241100x8000000000000000335825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6649ea37115c592021-12-21 10:22:36.443root 11241100x8000000000000000335826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd901a4f0d61b562021-12-21 10:22:36.443root 11241100x8000000000000000335827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b34683f1a9adea2021-12-21 10:22:36.444root 11241100x8000000000000000335828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdf662ed56e23c52021-12-21 10:22:36.444root 11241100x8000000000000000335829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2461ab6d224eb22021-12-21 10:22:36.444root 11241100x8000000000000000335830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891308877e26dcde2021-12-21 10:22:36.444root 11241100x8000000000000000335831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f1aae198a259d22021-12-21 10:22:36.444root 11241100x8000000000000000335832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e5b67f1e91d6522021-12-21 10:22:36.444root 11241100x8000000000000000335833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc11af7e5cdf57cd2021-12-21 10:22:36.444root 11241100x8000000000000000335834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3882234ee8af8822021-12-21 10:22:36.444root 11241100x8000000000000000335835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed2873ad961da0d2021-12-21 10:22:36.445root 11241100x8000000000000000335836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a32f44093cc38132021-12-21 10:22:36.445root 11241100x8000000000000000335837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419e3c2b3a6dbd162021-12-21 10:22:36.445root 11241100x8000000000000000335838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1149a829fa848a752021-12-21 10:22:36.445root 11241100x8000000000000000335839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.520{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:22:36.520root 11241100x8000000000000000335840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9512f28590de70ca2021-12-21 10:22:36.943root 11241100x8000000000000000335841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88368969fac1e8522021-12-21 10:22:36.943root 11241100x8000000000000000335842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae77d3d223023df2021-12-21 10:22:36.943root 11241100x8000000000000000335843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d103ffc348e92d2021-12-21 10:22:36.944root 11241100x8000000000000000335844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85024592897c22e82021-12-21 10:22:36.944root 11241100x8000000000000000335845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f6e7b4da99d0fb2021-12-21 10:22:36.944root 11241100x8000000000000000335846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f378ed3e213e7a9c2021-12-21 10:22:36.944root 11241100x8000000000000000335847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c637c8ce6c3a0ce42021-12-21 10:22:36.944root 11241100x8000000000000000335848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe2e6b9ae53582a2021-12-21 10:22:36.944root 11241100x8000000000000000335849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae73819db0f63e42021-12-21 10:22:36.944root 11241100x8000000000000000335850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2051fda8d73f462021-12-21 10:22:36.945root 11241100x8000000000000000335851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f366af9dfce72e2021-12-21 10:22:36.945root 11241100x8000000000000000335852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacd1bafbb06ddf52021-12-21 10:22:36.945root 11241100x8000000000000000335853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9aa00a46f437c4e2021-12-21 10:22:36.945root 11241100x8000000000000000335854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf72e5cf426772322021-12-21 10:22:36.945root 11241100x8000000000000000335855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7207ef14db82a4162021-12-21 10:22:36.945root 11241100x8000000000000000335856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4a7821be2931a52021-12-21 10:22:36.945root 11241100x8000000000000000335857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b97ca4c75794892021-12-21 10:22:37.443root 11241100x8000000000000000335858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aedca08da66fc212021-12-21 10:22:37.443root 11241100x8000000000000000335859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30240998615a03332021-12-21 10:22:37.443root 11241100x8000000000000000335860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd54947b8a95f6f2021-12-21 10:22:37.444root 11241100x8000000000000000335861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f801af766ec439a92021-12-21 10:22:37.444root 11241100x8000000000000000335862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c70c8f7c6c7a582021-12-21 10:22:37.444root 11241100x8000000000000000335863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce37ce7e68418ba2021-12-21 10:22:37.444root 11241100x8000000000000000335864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef505a87e29eb942021-12-21 10:22:37.444root 11241100x8000000000000000335865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641560a6be3f9cad2021-12-21 10:22:37.444root 11241100x8000000000000000335866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c67180657b98312021-12-21 10:22:37.444root 11241100x8000000000000000335867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11013741284541692021-12-21 10:22:37.444root 11241100x8000000000000000335868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cda57885b663fca2021-12-21 10:22:37.444root 11241100x8000000000000000335869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2c9a620444600d2021-12-21 10:22:37.444root 11241100x8000000000000000335870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bf2e73d9a3858d2021-12-21 10:22:37.445root 11241100x8000000000000000335871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4d132deee1e2ec2021-12-21 10:22:37.445root 11241100x8000000000000000335872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e422969d9947359e2021-12-21 10:22:37.445root 11241100x8000000000000000335873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2c518b1e4c8da92021-12-21 10:22:37.445root 11241100x8000000000000000335874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e17363ab2c85e0b2021-12-21 10:22:37.943root 11241100x8000000000000000335875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15057ad649b13cfd2021-12-21 10:22:37.943root 11241100x8000000000000000335876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea08c9be68bbabd2021-12-21 10:22:37.943root 11241100x8000000000000000335877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7332b386e4639b302021-12-21 10:22:37.943root 11241100x8000000000000000335878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fffe63ba56abbe2021-12-21 10:22:37.944root 11241100x8000000000000000335879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ca4feebe908a1b2021-12-21 10:22:37.944root 11241100x8000000000000000335880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d5b0fa78d42e7e2021-12-21 10:22:37.944root 11241100x8000000000000000335881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6c0c3ad06a3fa72021-12-21 10:22:37.944root 11241100x8000000000000000335882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338ee6a15d19b8872021-12-21 10:22:37.944root 11241100x8000000000000000335883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fb598766340b2c2021-12-21 10:22:37.944root 11241100x8000000000000000335884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f78b22d0acec392021-12-21 10:22:37.944root 11241100x8000000000000000335885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acecc46004bb2ce2021-12-21 10:22:37.944root 11241100x8000000000000000335886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93caf4ea3d4516f52021-12-21 10:22:37.944root 11241100x8000000000000000335887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd0e5aae89d836b2021-12-21 10:22:37.945root 11241100x8000000000000000335888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db641716572cf4be2021-12-21 10:22:37.945root 11241100x8000000000000000335889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4747b5d7518980892021-12-21 10:22:37.945root 11241100x8000000000000000335890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e7360a40610ca92021-12-21 10:22:37.945root 354300x8000000000000000335891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.100{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47010-false10.0.1.12-8000- 11241100x8000000000000000335892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7128ae9de430f3022021-12-21 10:22:38.443root 11241100x8000000000000000335893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b020520ed2f2d42021-12-21 10:22:38.444root 11241100x8000000000000000335894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5af4bcf8ca9214c2021-12-21 10:22:38.444root 11241100x8000000000000000335895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db7b2c3d05740c82021-12-21 10:22:38.444root 11241100x8000000000000000335896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864f0c8a9b9aa3ba2021-12-21 10:22:38.444root 11241100x8000000000000000335897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90edb7529d5c51fc2021-12-21 10:22:38.444root 11241100x8000000000000000335898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29b2a69a6c4c2d82021-12-21 10:22:38.444root 11241100x8000000000000000335899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff680e3cd4a85a2d2021-12-21 10:22:38.445root 11241100x8000000000000000335900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2575aa1774166c42021-12-21 10:22:38.445root 11241100x8000000000000000335901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368b17f06e516f982021-12-21 10:22:38.445root 11241100x8000000000000000335902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8a24987908bc2a2021-12-21 10:22:38.445root 11241100x8000000000000000335903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db7986f580b5a8b2021-12-21 10:22:38.445root 11241100x8000000000000000335904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5b616a416ac2422021-12-21 10:22:38.445root 11241100x8000000000000000335905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792a0c2578910dd32021-12-21 10:22:38.445root 11241100x8000000000000000335906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e1c364ceb171a72021-12-21 10:22:38.446root 11241100x8000000000000000335907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54876d59ec2c37b92021-12-21 10:22:38.446root 11241100x8000000000000000335908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431e512168d88ed32021-12-21 10:22:38.446root 11241100x8000000000000000335909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cc826a7344c4a82021-12-21 10:22:38.446root 11241100x8000000000000000335910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6a7ed761b292fd2021-12-21 10:22:38.943root 11241100x8000000000000000335911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7747fddfdf46352021-12-21 10:22:38.943root 11241100x8000000000000000335912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db38d6e4d39e33f2021-12-21 10:22:38.943root 11241100x8000000000000000335913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753fc78f6aa7aac02021-12-21 10:22:38.943root 11241100x8000000000000000335914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd6da8cd5b960162021-12-21 10:22:38.944root 11241100x8000000000000000335915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d5e713d93a70512021-12-21 10:22:38.944root 11241100x8000000000000000335916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82baeb5dd45c8a52021-12-21 10:22:38.944root 11241100x8000000000000000335917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcffa92721475422021-12-21 10:22:38.944root 11241100x8000000000000000335918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9372b724575d4692021-12-21 10:22:38.944root 11241100x8000000000000000335919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e867b1f86ee4bb52021-12-21 10:22:38.944root 11241100x8000000000000000335920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62feaf5597d048182021-12-21 10:22:38.944root 11241100x8000000000000000335921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e60053a412d48d2021-12-21 10:22:38.944root 11241100x8000000000000000335922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03e8356e2c87bd42021-12-21 10:22:38.944root 11241100x8000000000000000335923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea2a82a1bdf7afa2021-12-21 10:22:38.944root 11241100x8000000000000000335924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99b31a14cdff4a72021-12-21 10:22:38.945root 11241100x8000000000000000335925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8da08b69942abd92021-12-21 10:22:38.945root 11241100x8000000000000000335926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c71f82fb50217942021-12-21 10:22:38.945root 11241100x8000000000000000335927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f14cb82aa3111d12021-12-21 10:22:38.945root 11241100x8000000000000000335928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290df4770ce4e8af2021-12-21 10:22:39.443root 11241100x8000000000000000335929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42227c64daf85f982021-12-21 10:22:39.444root 11241100x8000000000000000335930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247a199e556c9d092021-12-21 10:22:39.444root 11241100x8000000000000000335931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47de9b6442b188c2021-12-21 10:22:39.444root 11241100x8000000000000000335932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb600475aebc7b32021-12-21 10:22:39.444root 11241100x8000000000000000335933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaad611aa2561c592021-12-21 10:22:39.444root 11241100x8000000000000000335934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7b75a10a249e062021-12-21 10:22:39.444root 11241100x8000000000000000335935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4c70eac1e030e62021-12-21 10:22:39.444root 11241100x8000000000000000335936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b8e72031e406742021-12-21 10:22:39.444root 11241100x8000000000000000335937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5421dade173f4ce2021-12-21 10:22:39.444root 11241100x8000000000000000335938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058dec23343036982021-12-21 10:22:39.444root 11241100x8000000000000000335939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d11e870a133c292021-12-21 10:22:39.444root 11241100x8000000000000000335940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa78d895f2a79a0d2021-12-21 10:22:39.445root 11241100x8000000000000000335941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35123e456d04d4472021-12-21 10:22:39.445root 11241100x8000000000000000335942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31db31a45ed8d75b2021-12-21 10:22:39.445root 11241100x8000000000000000335943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10abb1e801b388b42021-12-21 10:22:39.445root 11241100x8000000000000000335944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54999d45e11dc8d2021-12-21 10:22:39.445root 11241100x8000000000000000335945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d8e923e7540c382021-12-21 10:22:39.445root 23542300x8000000000000000335946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.521{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000335947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f73f9f3d3299bd2021-12-21 10:22:39.943root 11241100x8000000000000000335948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3926174c1d296f2021-12-21 10:22:39.943root 11241100x8000000000000000335949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297d25929a0456802021-12-21 10:22:39.943root 11241100x8000000000000000335950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0cc09ecf5021ca2021-12-21 10:22:39.943root 11241100x8000000000000000335951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6736fedbac7ee4072021-12-21 10:22:39.943root 11241100x8000000000000000335952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626b375b480aada62021-12-21 10:22:39.944root 11241100x8000000000000000335953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398ccf972f4136572021-12-21 10:22:39.944root 11241100x8000000000000000335954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a352677908fbf1812021-12-21 10:22:39.944root 11241100x8000000000000000335955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304b778d68370acf2021-12-21 10:22:39.944root 11241100x8000000000000000335956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67de354f9ea1c6232021-12-21 10:22:39.944root 11241100x8000000000000000335957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e231b67e3c0257692021-12-21 10:22:39.944root 11241100x8000000000000000335958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa7124572dc4dd62021-12-21 10:22:39.944root 11241100x8000000000000000335959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f953371545e97f2021-12-21 10:22:39.944root 11241100x8000000000000000335960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34695a8402cc67892021-12-21 10:22:39.944root 11241100x8000000000000000335961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffd58c68bcd63742021-12-21 10:22:39.944root 11241100x8000000000000000335962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11590fe58a4285f72021-12-21 10:22:39.945root 11241100x8000000000000000335963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234925e8010e83172021-12-21 10:22:39.945root 11241100x8000000000000000335964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2482003f91a24fc72021-12-21 10:22:39.945root 11241100x8000000000000000335965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2130d8dc6a13ed9f2021-12-21 10:22:39.945root 11241100x8000000000000000335966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da8e80085052f952021-12-21 10:22:40.443root 11241100x8000000000000000335967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ad73e880533e622021-12-21 10:22:40.443root 11241100x8000000000000000335968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9741006cb83ce2e52021-12-21 10:22:40.443root 11241100x8000000000000000335969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202ff43fb33e63882021-12-21 10:22:40.444root 11241100x8000000000000000335970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47a17a1c5ad18752021-12-21 10:22:40.444root 11241100x8000000000000000335971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1867968a3142b0062021-12-21 10:22:40.444root 11241100x8000000000000000335972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a57a7e08cf188c2021-12-21 10:22:40.444root 11241100x8000000000000000335973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04896d1c960f5692021-12-21 10:22:40.444root 11241100x8000000000000000335974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17e2d51e6d75a8f2021-12-21 10:22:40.444root 11241100x8000000000000000335975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb74d1f54e9b8392021-12-21 10:22:40.444root 11241100x8000000000000000335976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf19aa0d653e3fb42021-12-21 10:22:40.444root 11241100x8000000000000000335977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f08112bfd018ec62021-12-21 10:22:40.444root 11241100x8000000000000000335978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1870e3863cf88a852021-12-21 10:22:40.444root 11241100x8000000000000000335979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94dcf74fb61bf342021-12-21 10:22:40.444root 11241100x8000000000000000335980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfffa37812561af72021-12-21 10:22:40.445root 11241100x8000000000000000335981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d39d6414db966c2021-12-21 10:22:40.445root 11241100x8000000000000000335982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c501c66aabca8b42021-12-21 10:22:40.445root 11241100x8000000000000000335983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f10d89a84bb1a772021-12-21 10:22:40.445root 11241100x8000000000000000335984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9ad119f77868c52021-12-21 10:22:40.445root 11241100x8000000000000000335985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d4e1791b90a4a62021-12-21 10:22:40.943root 11241100x8000000000000000335986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984f269278b980422021-12-21 10:22:40.944root 11241100x8000000000000000335987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4534dc53597ef9672021-12-21 10:22:40.944root 11241100x8000000000000000335988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe310afa2dce5a72021-12-21 10:22:40.944root 11241100x8000000000000000335989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45c790013d326a42021-12-21 10:22:40.944root 11241100x8000000000000000335990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbc41713ff1b9512021-12-21 10:22:40.944root 11241100x8000000000000000335991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f157cc9a4ba5365e2021-12-21 10:22:40.945root 11241100x8000000000000000335992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524d5fd4885784a12021-12-21 10:22:40.945root 11241100x8000000000000000335993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d380c4eb849e502021-12-21 10:22:40.945root 11241100x8000000000000000335994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64aa0b8f54fe361e2021-12-21 10:22:40.945root 11241100x8000000000000000335995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302c6854ad9d93322021-12-21 10:22:40.945root 11241100x8000000000000000335996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c3d7117da559722021-12-21 10:22:40.945root 11241100x8000000000000000335997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6aa1f825b1c31d62021-12-21 10:22:40.945root 11241100x8000000000000000335998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8c1c106e83d0ca2021-12-21 10:22:40.945root 11241100x8000000000000000335999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0afd01d2f7e3f82021-12-21 10:22:40.945root 11241100x8000000000000000336000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2fe73b958ca8912021-12-21 10:22:40.945root 11241100x8000000000000000336001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1112908e15856e2021-12-21 10:22:40.945root 11241100x8000000000000000336002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc37b2ddc96832852021-12-21 10:22:40.945root 11241100x8000000000000000336003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30de68171677fd12021-12-21 10:22:40.946root 11241100x8000000000000000336004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4defd99743b53ff62021-12-21 10:22:41.443root 11241100x8000000000000000336005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b464b69aa62cb72021-12-21 10:22:41.443root 11241100x8000000000000000336006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c003d5491589d852021-12-21 10:22:41.443root 11241100x8000000000000000336007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d57fcb7ff08d9b2021-12-21 10:22:41.443root 11241100x8000000000000000336008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0558ebd7d28682e2021-12-21 10:22:41.444root 11241100x8000000000000000336009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610e351752cdcaef2021-12-21 10:22:41.444root 11241100x8000000000000000336010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d5144c83f4e6b92021-12-21 10:22:41.444root 11241100x8000000000000000336011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0316be7fabde1a9e2021-12-21 10:22:41.444root 11241100x8000000000000000336012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275954b09da002742021-12-21 10:22:41.444root 11241100x8000000000000000336013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245efa0f8e9334232021-12-21 10:22:41.444root 11241100x8000000000000000336014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2492b402c942612021-12-21 10:22:41.444root 11241100x8000000000000000336015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b328878eb17679052021-12-21 10:22:41.444root 11241100x8000000000000000336016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc3bfc7657f8f3a2021-12-21 10:22:41.444root 11241100x8000000000000000336017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327057cf1faa5c5a2021-12-21 10:22:41.444root 11241100x8000000000000000336018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030e66ac39e823752021-12-21 10:22:41.444root 11241100x8000000000000000336019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195df4e6cc2c47152021-12-21 10:22:41.445root 11241100x8000000000000000336020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8902bc63af19109f2021-12-21 10:22:41.445root 11241100x8000000000000000336021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39817a9d94b15dca2021-12-21 10:22:41.445root 11241100x8000000000000000336022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec71e7431cc9a2a52021-12-21 10:22:41.445root 11241100x8000000000000000336023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34918d12788a3122021-12-21 10:22:41.943root 11241100x8000000000000000336024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8019b3725560822021-12-21 10:22:41.943root 11241100x8000000000000000336025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c43607b573dbb052021-12-21 10:22:41.944root 11241100x8000000000000000336026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1c3dbae9d508672021-12-21 10:22:41.944root 11241100x8000000000000000336027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be10759e7e26ece22021-12-21 10:22:41.944root 11241100x8000000000000000336028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6ede0f1fb9bb332021-12-21 10:22:41.944root 11241100x8000000000000000336029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de1b1716c2a04682021-12-21 10:22:41.944root 11241100x8000000000000000336030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97bd4304023c8472021-12-21 10:22:41.944root 11241100x8000000000000000336031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b07835ca7ade122021-12-21 10:22:41.944root 11241100x8000000000000000336032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cd03eca6dae83d2021-12-21 10:22:41.944root 11241100x8000000000000000336033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169721caa6ec3eb92021-12-21 10:22:41.944root 11241100x8000000000000000336034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c2b489f566520c2021-12-21 10:22:41.944root 11241100x8000000000000000336035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabc773e4b6676fc2021-12-21 10:22:41.945root 11241100x8000000000000000336036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ba724c4f43d2f02021-12-21 10:22:41.945root 11241100x8000000000000000336037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba78bad816b584dd2021-12-21 10:22:41.945root 11241100x8000000000000000336038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fcb969db1711672021-12-21 10:22:41.945root 11241100x8000000000000000336039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0238f26e9b6eaa9f2021-12-21 10:22:41.945root 11241100x8000000000000000336040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6357742fa29746f2021-12-21 10:22:41.945root 11241100x8000000000000000336041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4214c4effdd4bbd12021-12-21 10:22:41.945root 11241100x8000000000000000336042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71c97af93dd25e92021-12-21 10:22:42.443root 11241100x8000000000000000336043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e2cf43f56fa0762021-12-21 10:22:42.443root 11241100x8000000000000000336044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576c7907525b607a2021-12-21 10:22:42.443root 11241100x8000000000000000336045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d836d57b3e6a5c9a2021-12-21 10:22:42.443root 11241100x8000000000000000336046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ecc459502dd6502021-12-21 10:22:42.444root 11241100x8000000000000000336047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d84b6e1f7d731d2021-12-21 10:22:42.444root 11241100x8000000000000000336048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abcbacbf7e1ec802021-12-21 10:22:42.444root 11241100x8000000000000000336049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cf953cf6dadb192021-12-21 10:22:42.444root 11241100x8000000000000000336050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9c0ecf82b3b6a92021-12-21 10:22:42.444root 11241100x8000000000000000336051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96764abf648835742021-12-21 10:22:42.444root 11241100x8000000000000000336052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9455adf5a64e3f52021-12-21 10:22:42.444root 11241100x8000000000000000336053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b943be55c6cece2021-12-21 10:22:42.444root 11241100x8000000000000000336054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5991cfdd8eac21492021-12-21 10:22:42.444root 11241100x8000000000000000336055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7ac18acf2624752021-12-21 10:22:42.444root 11241100x8000000000000000336056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410e452ef85265262021-12-21 10:22:42.444root 11241100x8000000000000000336057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fcc551127932ab2021-12-21 10:22:42.444root 11241100x8000000000000000336058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c860b0cfbdde722021-12-21 10:22:42.444root 11241100x8000000000000000336059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cea9cd1af7933052021-12-21 10:22:42.444root 11241100x8000000000000000336060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32814854b7654e432021-12-21 10:22:42.444root 11241100x8000000000000000336061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b09b924639bb2d2021-12-21 10:22:42.943root 11241100x8000000000000000336062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cef2190047f2bce2021-12-21 10:22:42.943root 11241100x8000000000000000336063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d66b46debb16122021-12-21 10:22:42.943root 11241100x8000000000000000336064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fbbd9f58bf02f62021-12-21 10:22:42.943root 11241100x8000000000000000336065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cc6de847c3b70e2021-12-21 10:22:42.944root 11241100x8000000000000000336066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74a11cdbf2f49382021-12-21 10:22:42.944root 11241100x8000000000000000336067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b962cd82a6c2f5c72021-12-21 10:22:42.944root 11241100x8000000000000000336068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c088da3e58f603cc2021-12-21 10:22:42.944root 11241100x8000000000000000336069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c36512cc2c141372021-12-21 10:22:42.944root 11241100x8000000000000000336070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7e7b00975db0962021-12-21 10:22:42.944root 11241100x8000000000000000336071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6984c79945326b2021-12-21 10:22:42.944root 11241100x8000000000000000336072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c9b8c33248d6092021-12-21 10:22:42.944root 11241100x8000000000000000336073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0e90b3ebda6ab22021-12-21 10:22:42.944root 11241100x8000000000000000336074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43788cca29934fc2021-12-21 10:22:42.944root 11241100x8000000000000000336075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e3b6e8ce0fe13e2021-12-21 10:22:42.944root 11241100x8000000000000000336076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9202c175dc29c02021-12-21 10:22:42.944root 11241100x8000000000000000336077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289b7da402e5e6712021-12-21 10:22:42.944root 11241100x8000000000000000336078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f155345286eaba32021-12-21 10:22:42.944root 11241100x8000000000000000336079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a934b68867c20182021-12-21 10:22:42.945root 11241100x8000000000000000336080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f565af2c1f25292021-12-21 10:22:43.443root 11241100x8000000000000000336081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52961609f36e1d9e2021-12-21 10:22:43.443root 11241100x8000000000000000336082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2779875363d66372021-12-21 10:22:43.444root 11241100x8000000000000000336083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c301ba528934ad2021-12-21 10:22:43.444root 11241100x8000000000000000336084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8be3d0d060db672021-12-21 10:22:43.444root 11241100x8000000000000000336085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4190681ecc5c5e722021-12-21 10:22:43.444root 11241100x8000000000000000336086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f684e90b476f589f2021-12-21 10:22:43.444root 11241100x8000000000000000336087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad57baf4941868cd2021-12-21 10:22:43.444root 11241100x8000000000000000336088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1b27c205e2d0292021-12-21 10:22:43.444root 11241100x8000000000000000336089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5616fc24b0afbc332021-12-21 10:22:43.444root 11241100x8000000000000000336090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc9fa84eb932dcb2021-12-21 10:22:43.444root 11241100x8000000000000000336091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbc350d2b8376432021-12-21 10:22:43.444root 11241100x8000000000000000336092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f16161cb51fe8312021-12-21 10:22:43.445root 11241100x8000000000000000336093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b511572177a1752021-12-21 10:22:43.445root 11241100x8000000000000000336094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4a08fc8a348c302021-12-21 10:22:43.445root 11241100x8000000000000000336095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f3ba6a5a7fec642021-12-21 10:22:43.445root 11241100x8000000000000000336096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145571031fb893e82021-12-21 10:22:43.447root 11241100x8000000000000000336097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6c444802e9915a2021-12-21 10:22:43.447root 11241100x8000000000000000336098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34aba9263d8361072021-12-21 10:22:43.447root 11241100x8000000000000000336099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302aa029d36e80562021-12-21 10:22:43.943root 11241100x8000000000000000336100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3914c937691b6ba62021-12-21 10:22:43.943root 11241100x8000000000000000336101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a26be070ef239452021-12-21 10:22:43.943root 11241100x8000000000000000336102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee468a64d175dd6b2021-12-21 10:22:43.944root 11241100x8000000000000000336103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a75657c9a4e2f02021-12-21 10:22:43.944root 11241100x8000000000000000336104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62612c8bd68b6592021-12-21 10:22:43.944root 11241100x8000000000000000336105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80e84a7f5de94492021-12-21 10:22:43.944root 11241100x8000000000000000336106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e0d35182576eac2021-12-21 10:22:43.944root 11241100x8000000000000000336107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6792718f486f61142021-12-21 10:22:43.944root 11241100x8000000000000000336108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57604c23343e46a72021-12-21 10:22:43.944root 11241100x8000000000000000336109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71407a8cf3b0efdc2021-12-21 10:22:43.944root 11241100x8000000000000000336110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26baf35761c89502021-12-21 10:22:43.944root 11241100x8000000000000000336111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c047ec827b65c1672021-12-21 10:22:43.944root 11241100x8000000000000000336112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf3a7265a5feaf82021-12-21 10:22:43.944root 11241100x8000000000000000336113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17b7a7fa947d75a2021-12-21 10:22:43.944root 11241100x8000000000000000336114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4ccb1a2ff3625d2021-12-21 10:22:43.944root 11241100x8000000000000000336115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f790f8eca6f970c42021-12-21 10:22:43.945root 11241100x8000000000000000336116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff4cee952ed15e12021-12-21 10:22:43.945root 11241100x8000000000000000336117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9029b7e8bc57290d2021-12-21 10:22:43.945root 354300x8000000000000000336118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.029{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47012-false10.0.1.12-8000- 11241100x8000000000000000336119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed386cc8b2bf7cc2021-12-21 10:22:44.443root 11241100x8000000000000000336120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb3ef6eba35f6b22021-12-21 10:22:44.443root 11241100x8000000000000000336121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f16613cb69772b62021-12-21 10:22:44.443root 11241100x8000000000000000336122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8965238055b1fde2021-12-21 10:22:44.443root 11241100x8000000000000000336123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a7cc30acbef8222021-12-21 10:22:44.444root 11241100x8000000000000000336124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169a2cfa5833a7e52021-12-21 10:22:44.444root 11241100x8000000000000000336125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031b886433165efa2021-12-21 10:22:44.444root 11241100x8000000000000000336126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef92606037232a1a2021-12-21 10:22:44.444root 11241100x8000000000000000336127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a19ab83b3c998a2021-12-21 10:22:44.444root 11241100x8000000000000000336128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ababb53d433b4a542021-12-21 10:22:44.444root 11241100x8000000000000000336129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202ebcc85329f0782021-12-21 10:22:44.444root 11241100x8000000000000000336130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0993a8d1c1731c822021-12-21 10:22:44.444root 11241100x8000000000000000336131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e06d96100447712021-12-21 10:22:44.444root 11241100x8000000000000000336132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e816c435aea9e662021-12-21 10:22:44.444root 11241100x8000000000000000336133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9187b46c2f2c6aa2021-12-21 10:22:44.444root 11241100x8000000000000000336134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfddac00a6013b02021-12-21 10:22:44.444root 11241100x8000000000000000336135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cdc7e181904ab92021-12-21 10:22:44.444root 11241100x8000000000000000336136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482212252b6e3a5a2021-12-21 10:22:44.444root 11241100x8000000000000000336137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce23fe128c0bd6f2021-12-21 10:22:44.444root 11241100x8000000000000000336138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db71fce9183530d12021-12-21 10:22:44.445root 11241100x8000000000000000336139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9acfb85d0c4f9362021-12-21 10:22:44.943root 11241100x8000000000000000336140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11d33a7eb34d90a2021-12-21 10:22:44.943root 11241100x8000000000000000336141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0b41fa291456952021-12-21 10:22:44.943root 11241100x8000000000000000336142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4c242c9d7b90d62021-12-21 10:22:44.944root 11241100x8000000000000000336143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ff5cfbf66b34112021-12-21 10:22:44.944root 11241100x8000000000000000336144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd8326c36ad36402021-12-21 10:22:44.944root 11241100x8000000000000000336145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7037a1afd7529602021-12-21 10:22:44.944root 11241100x8000000000000000336146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08eb828b01bb10092021-12-21 10:22:44.944root 11241100x8000000000000000336147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57ae1350c3fb3b22021-12-21 10:22:44.944root 11241100x8000000000000000336148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdd93c6b5f55d2c2021-12-21 10:22:44.945root 11241100x8000000000000000336149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6e722b794d81cd2021-12-21 10:22:44.945root 11241100x8000000000000000336150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1238a6a8da236c292021-12-21 10:22:44.945root 11241100x8000000000000000336151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d518f59ecd292d2021-12-21 10:22:44.945root 11241100x8000000000000000336152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99aad85e30c5afc2021-12-21 10:22:44.945root 11241100x8000000000000000336153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014f4fd440496e042021-12-21 10:22:44.946root 11241100x8000000000000000336154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c019b429bbf53c412021-12-21 10:22:44.946root 11241100x8000000000000000336155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b3218f51fe070f2021-12-21 10:22:44.946root 11241100x8000000000000000336156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2206356c70888602021-12-21 10:22:44.946root 11241100x8000000000000000336157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f166860c66d845dd2021-12-21 10:22:44.946root 11241100x8000000000000000336158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157a187eda0a26572021-12-21 10:22:44.946root 11241100x8000000000000000336159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317296840c13963c2021-12-21 10:22:45.443root 11241100x8000000000000000336160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39865320f406dad12021-12-21 10:22:45.444root 11241100x8000000000000000336161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09a30df6a5793f62021-12-21 10:22:45.444root 11241100x8000000000000000336162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720337069cb2faa32021-12-21 10:22:45.444root 11241100x8000000000000000336163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1642992d4c297fda2021-12-21 10:22:45.444root 11241100x8000000000000000336164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30336279249da8f92021-12-21 10:22:45.444root 11241100x8000000000000000336165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9130e5e9c5c3b8192021-12-21 10:22:45.445root 11241100x8000000000000000336166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49b0601b9f4f0cc2021-12-21 10:22:45.445root 11241100x8000000000000000336167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9721409ffa455dc42021-12-21 10:22:45.445root 11241100x8000000000000000336168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83af6b6d3169d2732021-12-21 10:22:45.445root 11241100x8000000000000000336169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbee632b245706372021-12-21 10:22:45.445root 11241100x8000000000000000336170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c647c5dd8d23db72021-12-21 10:22:45.445root 11241100x8000000000000000336171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3898b77b337e323a2021-12-21 10:22:45.445root 11241100x8000000000000000336172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c30095148bf3fd2021-12-21 10:22:45.445root 11241100x8000000000000000336173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbfbff89b979b932021-12-21 10:22:45.445root 11241100x8000000000000000336174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0c55630e299ae22021-12-21 10:22:45.446root 11241100x8000000000000000336175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dea57028523b6362021-12-21 10:22:45.446root 11241100x8000000000000000336176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876fdc92563785e32021-12-21 10:22:45.446root 11241100x8000000000000000336177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081da435be2715822021-12-21 10:22:45.446root 11241100x8000000000000000336178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4fe89aa23ff5542021-12-21 10:22:45.446root 11241100x8000000000000000336179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3af95323035c70d2021-12-21 10:22:45.943root 11241100x8000000000000000336180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69712ffe474980ca2021-12-21 10:22:45.943root 11241100x8000000000000000336181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669b73e6d8975f2f2021-12-21 10:22:45.943root 11241100x8000000000000000336182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5a10569ed737a12021-12-21 10:22:45.944root 11241100x8000000000000000336183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2215060843b72fc92021-12-21 10:22:45.944root 11241100x8000000000000000336184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e64b6e2fbd006342021-12-21 10:22:45.944root 11241100x8000000000000000336185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d294e2d0946c7162021-12-21 10:22:45.944root 11241100x8000000000000000336186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547cf0d8e18d6e242021-12-21 10:22:45.944root 11241100x8000000000000000336187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2269d514a742032021-12-21 10:22:45.944root 11241100x8000000000000000336188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ae68584558e12b2021-12-21 10:22:45.944root 11241100x8000000000000000336189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0facbc055bc1e55d2021-12-21 10:22:45.944root 11241100x8000000000000000336190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66987e11a80a2022021-12-21 10:22:45.944root 11241100x8000000000000000336191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90968e536e16b092021-12-21 10:22:45.944root 11241100x8000000000000000336192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de836c1457bc5f52021-12-21 10:22:45.944root 11241100x8000000000000000336193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650340b86930c4512021-12-21 10:22:45.944root 11241100x8000000000000000336194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc710d54acdfeb42021-12-21 10:22:45.944root 11241100x8000000000000000336195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8329ceb7cd0ea5782021-12-21 10:22:45.944root 11241100x8000000000000000336196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc836531ae2b7b532021-12-21 10:22:45.945root 11241100x8000000000000000336197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c97dd1aaaaf7dcc2021-12-21 10:22:45.945root 11241100x8000000000000000336198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e7f61a308f8fb02021-12-21 10:22:45.945root 11241100x8000000000000000336199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9311fc64a61bd6912021-12-21 10:22:46.443root 11241100x8000000000000000336200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68419c5209ddc1392021-12-21 10:22:46.443root 11241100x8000000000000000336201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6c0eb28645394a2021-12-21 10:22:46.443root 11241100x8000000000000000336202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2683d965a9466f302021-12-21 10:22:46.443root 11241100x8000000000000000336203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17e16bc6c8a653b2021-12-21 10:22:46.443root 11241100x8000000000000000336204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd65d55846f48b52021-12-21 10:22:46.444root 11241100x8000000000000000336205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ff490f491b982e2021-12-21 10:22:46.444root 11241100x8000000000000000336206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25b7a0c4dd3fd412021-12-21 10:22:46.444root 11241100x8000000000000000336207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a38df8d43b8fea22021-12-21 10:22:46.444root 11241100x8000000000000000336208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73022cf7fe3ad392021-12-21 10:22:46.444root 11241100x8000000000000000336209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66d18ca24bc92d42021-12-21 10:22:46.444root 11241100x8000000000000000336210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad33d461f00158c2021-12-21 10:22:46.444root 11241100x8000000000000000336211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d0c4454f00686b2021-12-21 10:22:46.444root 11241100x8000000000000000336212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e99e0d9defb6ae02021-12-21 10:22:46.444root 11241100x8000000000000000336213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d0272f8b3aefa42021-12-21 10:22:46.444root 11241100x8000000000000000336214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd564ec03c3299f2021-12-21 10:22:46.444root 11241100x8000000000000000336215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f17ee95feb9bb0a2021-12-21 10:22:46.444root 11241100x8000000000000000336216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b26ff0617aaf3972021-12-21 10:22:46.444root 11241100x8000000000000000336217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d618954ef3925a2021-12-21 10:22:46.444root 11241100x8000000000000000336218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135933f05e52d2f52021-12-21 10:22:46.445root 11241100x8000000000000000336219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7336fec1e12a6f722021-12-21 10:22:46.943root 11241100x8000000000000000336220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3ab1100151bc1e2021-12-21 10:22:46.943root 11241100x8000000000000000336221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadf8888da101b922021-12-21 10:22:46.944root 11241100x8000000000000000336222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8364aa3ec96f26a32021-12-21 10:22:46.944root 11241100x8000000000000000336223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a417eaac7c7d2c02021-12-21 10:22:46.944root 11241100x8000000000000000336224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fab09c0a3bfdc382021-12-21 10:22:46.944root 11241100x8000000000000000336225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c148fb8274a1d1a62021-12-21 10:22:46.944root 11241100x8000000000000000336226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6095ce2fb33d0ae2021-12-21 10:22:46.944root 11241100x8000000000000000336227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004ced11983f24ca2021-12-21 10:22:46.944root 11241100x8000000000000000336228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd7ac02d3b6a92e2021-12-21 10:22:46.944root 11241100x8000000000000000336229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5231235a31997f952021-12-21 10:22:46.944root 11241100x8000000000000000336230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c0ff99ec65fab72021-12-21 10:22:46.944root 11241100x8000000000000000336231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f19eef8f70b9822021-12-21 10:22:46.944root 11241100x8000000000000000336232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43cb79792a567e22021-12-21 10:22:46.945root 11241100x8000000000000000336233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566f26daee22c5792021-12-21 10:22:46.945root 11241100x8000000000000000336234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c04cc71abd101c2021-12-21 10:22:46.945root 11241100x8000000000000000336235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabdc10c587d6e262021-12-21 10:22:46.945root 11241100x8000000000000000336236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cd967403e781d82021-12-21 10:22:46.945root 11241100x8000000000000000336237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9f482e16acbc632021-12-21 10:22:46.945root 11241100x8000000000000000336238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b737edad01532d2021-12-21 10:22:46.945root 11241100x8000000000000000336239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c36cd1c387729472021-12-21 10:22:47.443root 11241100x8000000000000000336240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f0d512f5e0d4432021-12-21 10:22:47.443root 11241100x8000000000000000336241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1449434f70f8b12021-12-21 10:22:47.443root 11241100x8000000000000000336242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dc98c9015046552021-12-21 10:22:47.444root 11241100x8000000000000000336243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519f6976b486eb762021-12-21 10:22:47.444root 11241100x8000000000000000336244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd3b237f647e4f52021-12-21 10:22:47.444root 11241100x8000000000000000336245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12b788cff474c012021-12-21 10:22:47.444root 11241100x8000000000000000336246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e8855bf78ed9a82021-12-21 10:22:47.444root 11241100x8000000000000000336247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d14f4e1686fea32021-12-21 10:22:47.444root 11241100x8000000000000000336248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6d5b5576335f212021-12-21 10:22:47.444root 11241100x8000000000000000336249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190f969678c9f4a42021-12-21 10:22:47.444root 11241100x8000000000000000336250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903e223f174d9f0d2021-12-21 10:22:47.444root 11241100x8000000000000000336251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61199e7fd7ca62c72021-12-21 10:22:47.444root 11241100x8000000000000000336252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638ff401ec7fd3972021-12-21 10:22:47.445root 11241100x8000000000000000336253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620f8266d3b79d6c2021-12-21 10:22:47.445root 11241100x8000000000000000336254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc8ad75c80fe37c2021-12-21 10:22:47.445root 11241100x8000000000000000336255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f88ae4186e7bf202021-12-21 10:22:47.445root 11241100x8000000000000000336256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404015198484a1b12021-12-21 10:22:47.445root 11241100x8000000000000000336257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a931facc7c953fd52021-12-21 10:22:47.445root 11241100x8000000000000000336258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32084f2da6c2e8c2021-12-21 10:22:47.445root 11241100x8000000000000000336259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacd3495f5a0ca8c2021-12-21 10:22:47.943root 11241100x8000000000000000336260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b40e2bf74c46e32021-12-21 10:22:47.943root 11241100x8000000000000000336261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045d3c8744a334072021-12-21 10:22:47.944root 11241100x8000000000000000336262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6c53cf94d8bd932021-12-21 10:22:47.944root 11241100x8000000000000000336263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3472fb4a7e712ef82021-12-21 10:22:47.944root 11241100x8000000000000000336264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca368d7f924e1dd2021-12-21 10:22:47.945root 11241100x8000000000000000336265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f39bb16ecad92262021-12-21 10:22:47.945root 11241100x8000000000000000336266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8ac2a3202eeb962021-12-21 10:22:47.945root 11241100x8000000000000000336267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e53c1c19f86ec62021-12-21 10:22:47.945root 11241100x8000000000000000336268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6850682361961302021-12-21 10:22:47.946root 11241100x8000000000000000336269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e3fb30dc4679912021-12-21 10:22:47.946root 11241100x8000000000000000336270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad357edac8712cf2021-12-21 10:22:47.946root 11241100x8000000000000000336271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fad34514054861f2021-12-21 10:22:47.946root 11241100x8000000000000000336272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3541d0599396e1d22021-12-21 10:22:47.946root 11241100x8000000000000000336273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a235fce48b630092021-12-21 10:22:47.947root 11241100x8000000000000000336274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfe9790ab1f4a5e2021-12-21 10:22:47.947root 11241100x8000000000000000336275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b0ddc05acbdeac2021-12-21 10:22:47.947root 11241100x8000000000000000336276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965cc8fa60cd08692021-12-21 10:22:47.947root 11241100x8000000000000000336277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccd9eef1025c1562021-12-21 10:22:47.947root 11241100x8000000000000000336278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f07d7eb682d2f22021-12-21 10:22:47.947root 11241100x8000000000000000336279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c801743f428f6632021-12-21 10:22:47.947root 11241100x8000000000000000336280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736a803523cabefc2021-12-21 10:22:47.948root 11241100x8000000000000000336281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09c3f545fdc115c2021-12-21 10:22:47.948root 11241100x8000000000000000336282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5544b56d0bec752021-12-21 10:22:47.948root 11241100x8000000000000000336283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21eed2dfdca3758d2021-12-21 10:22:47.948root 11241100x8000000000000000336284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7b03207f9976fc2021-12-21 10:22:48.443root 11241100x8000000000000000336285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d54126a647fd58a2021-12-21 10:22:48.443root 11241100x8000000000000000336286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4627e9972915cb7b2021-12-21 10:22:48.443root 11241100x8000000000000000336287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8bdfa178eaf5132021-12-21 10:22:48.444root 11241100x8000000000000000336288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd00ce16c3aaf2392021-12-21 10:22:48.444root 11241100x8000000000000000336289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095550f074124ed42021-12-21 10:22:48.444root 11241100x8000000000000000336290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4843618093722c4f2021-12-21 10:22:48.444root 11241100x8000000000000000336291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da28af36257d8d302021-12-21 10:22:48.444root 11241100x8000000000000000336292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b72428e89bfc22b2021-12-21 10:22:48.444root 11241100x8000000000000000336293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760e28136df16fbb2021-12-21 10:22:48.444root 11241100x8000000000000000336294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c19720946a7b1f22021-12-21 10:22:48.444root 11241100x8000000000000000336295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca53ee6f9c6b6d42021-12-21 10:22:48.444root 11241100x8000000000000000336296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c8b0feee21bdfa2021-12-21 10:22:48.444root 11241100x8000000000000000336297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e834f0934bf6e8a2021-12-21 10:22:48.444root 11241100x8000000000000000336298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5b3d1fca57258f2021-12-21 10:22:48.444root 11241100x8000000000000000336299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e34a6753ae15fba2021-12-21 10:22:48.444root 11241100x8000000000000000336300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca72575178dade12021-12-21 10:22:48.445root 11241100x8000000000000000336301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc862f4e1e2f4a12021-12-21 10:22:48.445root 11241100x8000000000000000336302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba9cc22963d5a5f2021-12-21 10:22:48.445root 11241100x8000000000000000336303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8678b4850f3670702021-12-21 10:22:48.445root 11241100x8000000000000000336304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eb2faad1d6d69f2021-12-21 10:22:48.943root 11241100x8000000000000000336305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abfa14796267c212021-12-21 10:22:48.943root 11241100x8000000000000000336306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e8a38cc40389f12021-12-21 10:22:48.943root 11241100x8000000000000000336307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c0a71bc1b985942021-12-21 10:22:48.944root 11241100x8000000000000000336308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5583d69128932572021-12-21 10:22:48.944root 11241100x8000000000000000336309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc91020b6fe85802021-12-21 10:22:48.944root 11241100x8000000000000000336310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7d4c8620d99d692021-12-21 10:22:48.944root 11241100x8000000000000000336311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7c27751d6d24e72021-12-21 10:22:48.944root 11241100x8000000000000000336312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ca1866a5f9a7cf2021-12-21 10:22:48.944root 11241100x8000000000000000336313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1273accdb021083d2021-12-21 10:22:48.944root 11241100x8000000000000000336314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e135f7f01c6ad62021-12-21 10:22:48.944root 11241100x8000000000000000336315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b363d0872c44a9702021-12-21 10:22:48.944root 11241100x8000000000000000336316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c00cb3176c95b62021-12-21 10:22:48.944root 11241100x8000000000000000336317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa26e49e55cbf4d2021-12-21 10:22:48.945root 11241100x8000000000000000336318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14c61d52f002b982021-12-21 10:22:48.945root 11241100x8000000000000000336319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8299034f815088232021-12-21 10:22:48.945root 11241100x8000000000000000336320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8af865be56fe172021-12-21 10:22:48.945root 11241100x8000000000000000336321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b768186ed9efd7722021-12-21 10:22:48.945root 11241100x8000000000000000336322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e7edc6a612f69b2021-12-21 10:22:48.945root 11241100x8000000000000000336323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3deb6bdd89d32d4e2021-12-21 10:22:48.945root 354300x8000000000000000336324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.202{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47014-false10.0.1.12-8000- 11241100x8000000000000000336325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3378b2144d8e3fe2021-12-21 10:22:49.203root 11241100x8000000000000000336326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80efbfb7369d7f952021-12-21 10:22:49.203root 11241100x8000000000000000336327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164bf9888a6a8c4f2021-12-21 10:22:49.204root 11241100x8000000000000000336328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25363438e34e29e62021-12-21 10:22:49.204root 11241100x8000000000000000336329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac6f066f58e565d2021-12-21 10:22:49.204root 11241100x8000000000000000336330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d04b17e8089ddc2021-12-21 10:22:49.204root 11241100x8000000000000000336331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8d28386ea34e5b2021-12-21 10:22:49.204root 11241100x8000000000000000336332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8a7394a04a1a4a2021-12-21 10:22:49.205root 11241100x8000000000000000336333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d5b23eabbf9e742021-12-21 10:22:49.205root 11241100x8000000000000000336334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab37192dc11c1b2c2021-12-21 10:22:49.205root 11241100x8000000000000000336335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b0273d2f7292562021-12-21 10:22:49.205root 11241100x8000000000000000336336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b124d9109ef4f5cd2021-12-21 10:22:49.205root 11241100x8000000000000000336337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7866a2936934b172021-12-21 10:22:49.205root 11241100x8000000000000000336338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9f1fe5b8f4ecff2021-12-21 10:22:49.205root 11241100x8000000000000000336339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4be469d1c311e22021-12-21 10:22:49.205root 11241100x8000000000000000336340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c4f8813f7240782021-12-21 10:22:49.205root 11241100x8000000000000000336341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1942ad3e69de752021-12-21 10:22:49.205root 11241100x8000000000000000336342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec0be94c3eef0382021-12-21 10:22:49.205root 11241100x8000000000000000336343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b13a8bc8a9d9592021-12-21 10:22:49.206root 11241100x8000000000000000336344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c95ae72b7e2c33f2021-12-21 10:22:49.206root 11241100x8000000000000000336345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d1e1579f0f274f2021-12-21 10:22:49.206root 11241100x8000000000000000336346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37a7567f12f9cad2021-12-21 10:22:49.206root 11241100x8000000000000000336347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271c1c9165629b232021-12-21 10:22:49.693root 11241100x8000000000000000336348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3376cfab9b735b3e2021-12-21 10:22:49.693root 11241100x8000000000000000336349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fdfd321dffea572021-12-21 10:22:49.694root 11241100x8000000000000000336350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a252a77de4ff1afa2021-12-21 10:22:49.694root 11241100x8000000000000000336351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c31f6a8a86102aa2021-12-21 10:22:49.694root 11241100x8000000000000000336352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48db780e959e1efb2021-12-21 10:22:49.695root 11241100x8000000000000000336353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1404e5541fd2412021-12-21 10:22:49.695root 11241100x8000000000000000336354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b0d171b01588a92021-12-21 10:22:49.695root 11241100x8000000000000000336355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386865ad33d50be12021-12-21 10:22:49.695root 11241100x8000000000000000336356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82637b3fd718a7d2021-12-21 10:22:49.695root 11241100x8000000000000000336357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a978b24746a0ab0c2021-12-21 10:22:49.695root 11241100x8000000000000000336358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e82e11a810740e2021-12-21 10:22:49.696root 11241100x8000000000000000336359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c57a0b0978bb772021-12-21 10:22:49.696root 11241100x8000000000000000336360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777a66d958fc975b2021-12-21 10:22:49.696root 11241100x8000000000000000336361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e415c544939721452021-12-21 10:22:49.696root 11241100x8000000000000000336362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eedf3f0471739d22021-12-21 10:22:49.696root 11241100x8000000000000000336363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52feecb100251ffc2021-12-21 10:22:49.696root 11241100x8000000000000000336364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4da71225d9fd3742021-12-21 10:22:49.696root 11241100x8000000000000000336365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b851bcfbacbcae462021-12-21 10:22:49.696root 11241100x8000000000000000336366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9297be461c15532021-12-21 10:22:49.696root 11241100x8000000000000000336367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9db4e276004be12021-12-21 10:22:49.697root 11241100x8000000000000000336368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f952975b5dcbc5c2021-12-21 10:22:50.192root 11241100x8000000000000000336369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645964de9248ba6e2021-12-21 10:22:50.193root 11241100x8000000000000000336370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aff09803209c4a62021-12-21 10:22:50.193root 11241100x8000000000000000336371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf75d8be59a3d04b2021-12-21 10:22:50.193root 11241100x8000000000000000336372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5fa990e52fd8972021-12-21 10:22:50.193root 11241100x8000000000000000336373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa69b73c781fe9e22021-12-21 10:22:50.193root 11241100x8000000000000000336374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f37ed645526ab42021-12-21 10:22:50.193root 11241100x8000000000000000336375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6982f6c252e060e2021-12-21 10:22:50.193root 11241100x8000000000000000336376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e80038182cc26e2021-12-21 10:22:50.194root 11241100x8000000000000000336377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ac05e22e58c9802021-12-21 10:22:50.194root 11241100x8000000000000000336378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0ac7c01455d2a52021-12-21 10:22:50.194root 11241100x8000000000000000336379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be8c32eaea5eae92021-12-21 10:22:50.194root 11241100x8000000000000000336380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc7a2ab7d37815d2021-12-21 10:22:50.194root 11241100x8000000000000000336381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98b41a291a14b552021-12-21 10:22:50.194root 11241100x8000000000000000336382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14262ab0f798af7c2021-12-21 10:22:50.195root 11241100x8000000000000000336383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b33fb6ad253ffbc2021-12-21 10:22:50.195root 11241100x8000000000000000336384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7980a505e61624f42021-12-21 10:22:50.195root 11241100x8000000000000000336385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c230d373ffbb992021-12-21 10:22:50.195root 11241100x8000000000000000336386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b13c137134fa012021-12-21 10:22:50.195root 11241100x8000000000000000336387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0b24077beba37b2021-12-21 10:22:50.195root 11241100x8000000000000000336388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb3feece80655312021-12-21 10:22:50.195root 11241100x8000000000000000336389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c71e12ea33c8f942021-12-21 10:22:50.195root 11241100x8000000000000000336390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4b3a4b8980aa8a2021-12-21 10:22:50.195root 11241100x8000000000000000336391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d721f27cc8a68612021-12-21 10:22:50.196root 11241100x8000000000000000336392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487456b3996664592021-12-21 10:22:50.196root 11241100x8000000000000000336393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7d02cfa2721c6e2021-12-21 10:22:50.196root 11241100x8000000000000000336394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbb30cec37b5bc32021-12-21 10:22:50.196root 11241100x8000000000000000336395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6802b80070a17f2021-12-21 10:22:50.196root 11241100x8000000000000000336396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c125b20adad06b52021-12-21 10:22:50.196root 11241100x8000000000000000336397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6e27320470748f2021-12-21 10:22:50.196root 11241100x8000000000000000336398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060147d5776a82cf2021-12-21 10:22:50.693root 11241100x8000000000000000336399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccc06557f1978732021-12-21 10:22:50.693root 11241100x8000000000000000336400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a71886e538787752021-12-21 10:22:50.693root 11241100x8000000000000000336401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a5fac12720ae7e2021-12-21 10:22:50.694root 11241100x8000000000000000336402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e754c1f0df145f22021-12-21 10:22:50.694root 11241100x8000000000000000336403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a4052dddf9de302021-12-21 10:22:50.694root 11241100x8000000000000000336404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6610bf7ba53ac12021-12-21 10:22:50.694root 11241100x8000000000000000336405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d33eecaecfb66af2021-12-21 10:22:50.694root 11241100x8000000000000000336406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57d53cc8e1ba1d02021-12-21 10:22:50.694root 11241100x8000000000000000336407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584a935b6f4c51dd2021-12-21 10:22:50.694root 11241100x8000000000000000336408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080d3c357e0703d22021-12-21 10:22:50.694root 11241100x8000000000000000336409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f742749e4822fd112021-12-21 10:22:50.694root 11241100x8000000000000000336410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aec12c2134328ec2021-12-21 10:22:50.694root 11241100x8000000000000000336411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0c111f9353fd682021-12-21 10:22:50.694root 11241100x8000000000000000336412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04cc83c99d9d6af2021-12-21 10:22:50.695root 11241100x8000000000000000336413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90061af5225c9bdb2021-12-21 10:22:50.695root 11241100x8000000000000000336414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0236810d2c0ef962021-12-21 10:22:50.695root 11241100x8000000000000000336415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eceacad91b2ceda22021-12-21 10:22:50.695root 11241100x8000000000000000336416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c0ca5e6a2266f42021-12-21 10:22:50.695root 11241100x8000000000000000336417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0d45f20d67831c2021-12-21 10:22:50.695root 11241100x8000000000000000336418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e746e709fcfce9d42021-12-21 10:22:50.695root 11241100x8000000000000000336419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef5a2614763667d2021-12-21 10:22:51.193root 11241100x8000000000000000336420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c94ab5d81648802021-12-21 10:22:51.193root 11241100x8000000000000000336421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2eb3bd268dbb272021-12-21 10:22:51.194root 11241100x8000000000000000336422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd32e89916e8d72d2021-12-21 10:22:51.194root 11241100x8000000000000000336423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d01de277b3b9fc12021-12-21 10:22:51.194root 11241100x8000000000000000336424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd241ebd33d7fdf2021-12-21 10:22:51.194root 11241100x8000000000000000336425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541977628c44ddd92021-12-21 10:22:51.194root 11241100x8000000000000000336426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3ef54bd661273b2021-12-21 10:22:51.194root 11241100x8000000000000000336427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9b68a76426c1322021-12-21 10:22:51.194root 11241100x8000000000000000336428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6ac0b04a97e0872021-12-21 10:22:51.194root 11241100x8000000000000000336429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd949a4360f429e22021-12-21 10:22:51.194root 11241100x8000000000000000336430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48837b75730c506c2021-12-21 10:22:51.195root 11241100x8000000000000000336431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d952e3e14efc622021-12-21 10:22:51.195root 11241100x8000000000000000336432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fe7150472e23982021-12-21 10:22:51.195root 11241100x8000000000000000336433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3300647057cfcefd2021-12-21 10:22:51.195root 11241100x8000000000000000336434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c0e400414f90ca2021-12-21 10:22:51.195root 11241100x8000000000000000336435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203e5f9fe70d21c52021-12-21 10:22:51.195root 11241100x8000000000000000336436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d525b51b09f061ca2021-12-21 10:22:51.195root 11241100x8000000000000000336437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95708df48835d54d2021-12-21 10:22:51.196root 11241100x8000000000000000336438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d1877d17c320512021-12-21 10:22:51.196root 11241100x8000000000000000336439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d129cc50fb1b31b42021-12-21 10:22:51.196root 11241100x8000000000000000336440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b05a72b76de04c2021-12-21 10:22:51.693root 11241100x8000000000000000336441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56335c77b75cadd62021-12-21 10:22:51.694root 11241100x8000000000000000336442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fc103e64da67f22021-12-21 10:22:51.694root 11241100x8000000000000000336443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cebca899fbfa732021-12-21 10:22:51.694root 11241100x8000000000000000336444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f2977b7fbf63182021-12-21 10:22:51.694root 11241100x8000000000000000336445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84c3f27f0739e762021-12-21 10:22:51.695root 11241100x8000000000000000336446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbcf864da2e756e2021-12-21 10:22:51.695root 11241100x8000000000000000336447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b386b57abed44d202021-12-21 10:22:51.695root 11241100x8000000000000000336448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d63ce36d076ff62021-12-21 10:22:51.695root 11241100x8000000000000000336449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e0ad2c9d456bcf2021-12-21 10:22:51.695root 11241100x8000000000000000336450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b1fed94f31ff202021-12-21 10:22:51.695root 11241100x8000000000000000336451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961509a483b506c52021-12-21 10:22:51.695root 11241100x8000000000000000336452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b176926f7808a112021-12-21 10:22:51.696root 11241100x8000000000000000336453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936a0e29b7dd20622021-12-21 10:22:51.696root 11241100x8000000000000000336454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a9e460227606fd2021-12-21 10:22:51.696root 11241100x8000000000000000336455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c3e8f01831cfd62021-12-21 10:22:51.696root 11241100x8000000000000000336456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07cdecf7c3a2daf2021-12-21 10:22:51.696root 11241100x8000000000000000336457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17bd0c613d1459c2021-12-21 10:22:51.696root 11241100x8000000000000000336458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf0318bc7fae7df2021-12-21 10:22:51.696root 11241100x8000000000000000336459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2106272a370332f42021-12-21 10:22:51.696root 11241100x8000000000000000336460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df99c92504c77fa2021-12-21 10:22:51.697root 11241100x8000000000000000336461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b841ba07febf1aed2021-12-21 10:22:52.192root 11241100x8000000000000000336462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b37119ac6126052021-12-21 10:22:52.193root 11241100x8000000000000000336463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a702ef8ff952836c2021-12-21 10:22:52.193root 11241100x8000000000000000336464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435e6d4df747e8ee2021-12-21 10:22:52.193root 11241100x8000000000000000336465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5665588500ab6e4c2021-12-21 10:22:52.193root 11241100x8000000000000000336466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65b6ee7953ad0782021-12-21 10:22:52.193root 11241100x8000000000000000336467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d85fda9e369d442021-12-21 10:22:52.194root 11241100x8000000000000000336468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bcb569ce92887e2021-12-21 10:22:52.194root 11241100x8000000000000000336469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be75ea43367224882021-12-21 10:22:52.194root 11241100x8000000000000000336470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf48f0588b01bb72021-12-21 10:22:52.194root 11241100x8000000000000000336471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcebc295b8718adf2021-12-21 10:22:52.195root 11241100x8000000000000000336472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0611a9f1659d8d9f2021-12-21 10:22:52.195root 11241100x8000000000000000336473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaed21f2246c4c662021-12-21 10:22:52.195root 11241100x8000000000000000336474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39a32a03e6872262021-12-21 10:22:52.195root 11241100x8000000000000000336475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddd902e943e5c0a2021-12-21 10:22:52.195root 11241100x8000000000000000336476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8150b1f88c90472021-12-21 10:22:52.195root 11241100x8000000000000000336477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625ad217da80deec2021-12-21 10:22:52.196root 11241100x8000000000000000336478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecbf3b0f1ff3d9c2021-12-21 10:22:52.196root 11241100x8000000000000000336479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38e033bfed047f62021-12-21 10:22:52.196root 11241100x8000000000000000336480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c9f4ffb305f9142021-12-21 10:22:52.196root 11241100x8000000000000000336481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fce107d7d7d48e2021-12-21 10:22:52.197root 11241100x8000000000000000336482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb33c682ac5ae742021-12-21 10:22:52.197root 11241100x8000000000000000336483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2eff1d65680c342021-12-21 10:22:52.197root 11241100x8000000000000000336484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3151df7e4d2bcc12021-12-21 10:22:52.197root 11241100x8000000000000000336485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9188cff87fc264a32021-12-21 10:22:52.197root 11241100x8000000000000000336486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff7ea61e0ada0092021-12-21 10:22:52.693root 11241100x8000000000000000336487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312cba5be89c81172021-12-21 10:22:52.693root 11241100x8000000000000000336488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14107ef54a512512021-12-21 10:22:52.693root 11241100x8000000000000000336489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26049144e11cbd2c2021-12-21 10:22:52.694root 11241100x8000000000000000336490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79728e5b296ef47e2021-12-21 10:22:52.694root 11241100x8000000000000000336491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07393844bc8b77df2021-12-21 10:22:52.694root 11241100x8000000000000000336492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9b8b67bd1154162021-12-21 10:22:52.694root 11241100x8000000000000000336493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2554602bbd8d9ef02021-12-21 10:22:52.694root 11241100x8000000000000000336494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacb5030f391bbd02021-12-21 10:22:52.694root 11241100x8000000000000000336495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647a167859b0d9b02021-12-21 10:22:52.694root 11241100x8000000000000000336496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3615420b5dcc32c72021-12-21 10:22:52.694root 11241100x8000000000000000336497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901db0f9ec5802f82021-12-21 10:22:52.694root 11241100x8000000000000000336498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef5c034a10391092021-12-21 10:22:52.695root 11241100x8000000000000000336499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcb03a877d6acb12021-12-21 10:22:52.695root 11241100x8000000000000000336500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042bb0d8a6b87a3d2021-12-21 10:22:52.695root 11241100x8000000000000000336501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97e2e395341fd5f2021-12-21 10:22:52.695root 11241100x8000000000000000336502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267ab0d4ea5bf3a52021-12-21 10:22:52.695root 11241100x8000000000000000336503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfc830ac34a955a2021-12-21 10:22:52.695root 11241100x8000000000000000336504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588293b224a1971d2021-12-21 10:22:52.695root 11241100x8000000000000000336505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ece69fd2e3b3d72021-12-21 10:22:52.696root 11241100x8000000000000000336506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9c2fd47cedd1d02021-12-21 10:22:52.696root 11241100x8000000000000000336507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01aa98d0a00feb62021-12-21 10:22:52.696root 11241100x8000000000000000336508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f01bd1fe2c9c0f22021-12-21 10:22:52.696root 11241100x8000000000000000336509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6d36ca7dd70c702021-12-21 10:22:53.193root 11241100x8000000000000000336510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764dfa1c1fe19e202021-12-21 10:22:53.193root 11241100x8000000000000000336511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a528f95d5378b22021-12-21 10:22:53.193root 11241100x8000000000000000336512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f438c33ee73a1372021-12-21 10:22:53.194root 11241100x8000000000000000336513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7e2c5347dd419d2021-12-21 10:22:53.194root 11241100x8000000000000000336514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1e15c231c675712021-12-21 10:22:53.194root 11241100x8000000000000000336515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc797f69d777066b2021-12-21 10:22:53.194root 11241100x8000000000000000336516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcf2d9b3da76cd62021-12-21 10:22:53.194root 11241100x8000000000000000336517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292cc52e805211092021-12-21 10:22:53.194root 11241100x8000000000000000336518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde7b25bbf18ab1b2021-12-21 10:22:53.194root 11241100x8000000000000000336519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b004de730515002021-12-21 10:22:53.194root 11241100x8000000000000000336520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57703aeb5d3f977d2021-12-21 10:22:53.194root 11241100x8000000000000000336521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737a2d4e7d0d92192021-12-21 10:22:53.194root 11241100x8000000000000000336522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c000b3325431d92021-12-21 10:22:53.195root 11241100x8000000000000000336523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d978106d6773c63b2021-12-21 10:22:53.195root 11241100x8000000000000000336524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafd88e49be7d9602021-12-21 10:22:53.195root 11241100x8000000000000000336525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd59ebab212c491f2021-12-21 10:22:53.195root 11241100x8000000000000000336526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c313376c7648ec2021-12-21 10:22:53.195root 11241100x8000000000000000336527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac3394ecbe57f662021-12-21 10:22:53.195root 11241100x8000000000000000336528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e788df324be6d6662021-12-21 10:22:53.195root 11241100x8000000000000000336529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215cb7ca67930ec62021-12-21 10:22:53.196root 11241100x8000000000000000336530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e3dcd3bd28d8dd2021-12-21 10:22:53.693root 11241100x8000000000000000336531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0aac84213f9ca42021-12-21 10:22:53.693root 11241100x8000000000000000336532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98e93c313fe25aa2021-12-21 10:22:53.694root 11241100x8000000000000000336533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bbfa37c057fee82021-12-21 10:22:53.694root 11241100x8000000000000000336534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac70895cb6d3e012021-12-21 10:22:53.694root 11241100x8000000000000000336535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1fffa74ad3936a2021-12-21 10:22:53.694root 11241100x8000000000000000336536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab39497a1942237f2021-12-21 10:22:53.694root 11241100x8000000000000000336537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0e84bc9c6101402021-12-21 10:22:53.694root 11241100x8000000000000000336538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ec7dc1c19b7ef22021-12-21 10:22:53.695root 11241100x8000000000000000336539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677caf2cdb6feae32021-12-21 10:22:53.695root 11241100x8000000000000000336540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fa96dc5076b31c2021-12-21 10:22:53.695root 11241100x8000000000000000336541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308b4f668edf9f762021-12-21 10:22:53.695root 11241100x8000000000000000336542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c130f3b46bfc382021-12-21 10:22:53.695root 11241100x8000000000000000336543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f2b6f203e3f74a2021-12-21 10:22:53.696root 11241100x8000000000000000336544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8e74ef6d9bfdaf2021-12-21 10:22:53.696root 11241100x8000000000000000336545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410302e717c7165b2021-12-21 10:22:53.696root 11241100x8000000000000000336546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa8f007604ea5522021-12-21 10:22:53.696root 11241100x8000000000000000336547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08b0bba36707ca82021-12-21 10:22:53.696root 11241100x8000000000000000336548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5935a486990498082021-12-21 10:22:53.696root 11241100x8000000000000000336549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f0f1244c17d5682021-12-21 10:22:53.696root 11241100x8000000000000000336550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e825749dbb43296a2021-12-21 10:22:53.697root 11241100x8000000000000000336551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de602cb7d1dcc8e92021-12-21 10:22:54.192root 11241100x8000000000000000336552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb86741fece78f72021-12-21 10:22:54.193root 11241100x8000000000000000336553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6226b849c55d2e8a2021-12-21 10:22:54.193root 11241100x8000000000000000336554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921ec99c64c920782021-12-21 10:22:54.193root 11241100x8000000000000000336555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be55f28bb9b9a0f32021-12-21 10:22:54.193root 11241100x8000000000000000336556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa95b15b10c15e622021-12-21 10:22:54.193root 11241100x8000000000000000336557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008212f01574f9f32021-12-21 10:22:54.193root 11241100x8000000000000000336558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28973ad1e752b9b62021-12-21 10:22:54.193root 11241100x8000000000000000336559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbaeecfab212fcc2021-12-21 10:22:54.193root 11241100x8000000000000000336560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aabe6dd67db682d2021-12-21 10:22:54.193root 11241100x8000000000000000336561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202b78b93f37f1542021-12-21 10:22:54.194root 11241100x8000000000000000336562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6405bf5067172af2021-12-21 10:22:54.194root 11241100x8000000000000000336563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cb3e0769613b4d2021-12-21 10:22:54.194root 11241100x8000000000000000336564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a00343aca1cef82021-12-21 10:22:54.194root 11241100x8000000000000000336565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490329c08fff88162021-12-21 10:22:54.194root 11241100x8000000000000000336566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac82caf2c1c891a2021-12-21 10:22:54.194root 11241100x8000000000000000336567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688cc1afe89272cf2021-12-21 10:22:54.195root 11241100x8000000000000000336568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22e32f7e89f385d2021-12-21 10:22:54.195root 11241100x8000000000000000336569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41c6743e4985c822021-12-21 10:22:54.195root 11241100x8000000000000000336570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f93d76e598e04df2021-12-21 10:22:54.196root 11241100x8000000000000000336571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbcfeba22aa63e92021-12-21 10:22:54.196root 11241100x8000000000000000336572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d999603294683bf2021-12-21 10:22:54.196root 11241100x8000000000000000336573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b7629bcdb027c12021-12-21 10:22:54.196root 11241100x8000000000000000336574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bc4cca7d97c7622021-12-21 10:22:54.196root 11241100x8000000000000000336575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b72f92f3f8180f2021-12-21 10:22:54.196root 11241100x8000000000000000336576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8b9c6724b4ebe52021-12-21 10:22:54.197root 11241100x8000000000000000336577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40579347378cfd322021-12-21 10:22:54.197root 11241100x8000000000000000336578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9021256fe6ca9f2021-12-21 10:22:54.197root 11241100x8000000000000000336579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcef98306de27872021-12-21 10:22:54.197root 11241100x8000000000000000336580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f514ebe08e7446c2021-12-21 10:22:54.692root 11241100x8000000000000000336581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac0be41c3ac01492021-12-21 10:22:54.693root 11241100x8000000000000000336582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605c496fd2c74a942021-12-21 10:22:54.693root 11241100x8000000000000000336583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3b43ffefa8fddb2021-12-21 10:22:54.693root 11241100x8000000000000000336584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88ebbc83adc942c2021-12-21 10:22:54.694root 11241100x8000000000000000336585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9ec85c7254a6952021-12-21 10:22:54.694root 11241100x8000000000000000336586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b76177a517b8832021-12-21 10:22:54.694root 11241100x8000000000000000336587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5fc13d07f5b83e2021-12-21 10:22:54.694root 11241100x8000000000000000336588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179d3aeb470282072021-12-21 10:22:54.695root 11241100x8000000000000000336589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3226476560f4c72021-12-21 10:22:54.695root 11241100x8000000000000000336590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2af4d499c9c0ee2021-12-21 10:22:54.695root 11241100x8000000000000000336591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e298979ad022282021-12-21 10:22:54.695root 11241100x8000000000000000336592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d372c398f1198b2021-12-21 10:22:54.696root 11241100x8000000000000000336593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e503d6e89952924a2021-12-21 10:22:54.696root 11241100x8000000000000000336594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2124491c1fa1ec322021-12-21 10:22:54.696root 11241100x8000000000000000336595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff58250148be8132021-12-21 10:22:54.696root 11241100x8000000000000000336596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb66ea662badfa32021-12-21 10:22:54.696root 11241100x8000000000000000336597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cba2c3ed1d41ba52021-12-21 10:22:54.696root 11241100x8000000000000000336598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb0feabd720fc012021-12-21 10:22:54.696root 11241100x8000000000000000336599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de08d25397dce8722021-12-21 10:22:54.696root 11241100x8000000000000000336600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a069743ceea549d42021-12-21 10:22:54.696root 11241100x8000000000000000336601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfba248eec776b72021-12-21 10:22:54.696root 11241100x8000000000000000336602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5b558ad4554b6e2021-12-21 10:22:54.696root 11241100x8000000000000000336603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfeed679c086d762021-12-21 10:22:54.697root 11241100x8000000000000000336604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4160725717ee89372021-12-21 10:22:54.697root 354300x8000000000000000336605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.130{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47016-false10.0.1.12-8000- 11241100x8000000000000000336606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cbd3367c86d3c32021-12-21 10:22:55.131root 11241100x8000000000000000336607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5752befe8faad7842021-12-21 10:22:55.131root 11241100x8000000000000000336608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1bd86bf13c5a532021-12-21 10:22:55.131root 11241100x8000000000000000336609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f984f1718ec4502021-12-21 10:22:55.132root 11241100x8000000000000000336610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27609591e00725172021-12-21 10:22:55.132root 11241100x8000000000000000336611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb018c843f776e422021-12-21 10:22:55.132root 11241100x8000000000000000336612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24176bbcff2d81cb2021-12-21 10:22:55.132root 11241100x8000000000000000336613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944131b276b25f272021-12-21 10:22:55.132root 11241100x8000000000000000336614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962ae53f2f919b8e2021-12-21 10:22:55.132root 11241100x8000000000000000336615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe3fee7d7cc86662021-12-21 10:22:55.132root 11241100x8000000000000000336616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e74747eb73cebc52021-12-21 10:22:55.133root 11241100x8000000000000000336617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab39a51beb161902021-12-21 10:22:55.133root 11241100x8000000000000000336618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5620e2d649487b2021-12-21 10:22:55.133root 11241100x8000000000000000336619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bc323e2d55fb0b2021-12-21 10:22:55.133root 11241100x8000000000000000336620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e044649962c76e7f2021-12-21 10:22:55.133root 11241100x8000000000000000336621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9c2cdd6fcb9e092021-12-21 10:22:55.133root 11241100x8000000000000000336622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30857313a6bd14d72021-12-21 10:22:55.133root 11241100x8000000000000000336623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065b42c8536398932021-12-21 10:22:55.134root 11241100x8000000000000000336624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bef1c1f17de43492021-12-21 10:22:55.134root 11241100x8000000000000000336625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410bf1011b32919b2021-12-21 10:22:55.134root 11241100x8000000000000000336626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e94893f4587ec3b2021-12-21 10:22:55.134root 11241100x8000000000000000336627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250939c60f6a40a22021-12-21 10:22:55.134root 11241100x8000000000000000336628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a047960fb5115362021-12-21 10:22:55.134root 11241100x8000000000000000336629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1533d6f1541283672021-12-21 10:22:55.134root 11241100x8000000000000000336630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c3bdbea9bbb2d22021-12-21 10:22:55.134root 11241100x8000000000000000336631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3824e2c8d06e572021-12-21 10:22:55.134root 11241100x8000000000000000336632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a523009c060bec6b2021-12-21 10:22:55.134root 11241100x8000000000000000336633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d23068f6a575782021-12-21 10:22:55.443root 11241100x8000000000000000336634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b159c8ef485a6ab2021-12-21 10:22:55.444root 11241100x8000000000000000336635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3becf2f8f365e72021-12-21 10:22:55.444root 11241100x8000000000000000336636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33abbd6c33365d62021-12-21 10:22:55.444root 11241100x8000000000000000336637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fec3ca7a7aa81842021-12-21 10:22:55.444root 11241100x8000000000000000336638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9799ac678054a6d42021-12-21 10:22:55.444root 11241100x8000000000000000336639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d050c9c9cdc4b602021-12-21 10:22:55.444root 11241100x8000000000000000336640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489b3e93210157032021-12-21 10:22:55.444root 11241100x8000000000000000336641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcf5200074919442021-12-21 10:22:55.444root 11241100x8000000000000000336642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3008b431485aa0c12021-12-21 10:22:55.444root 11241100x8000000000000000336643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ab2c2a4258f18a2021-12-21 10:22:55.444root 11241100x8000000000000000336644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f73520f52924962021-12-21 10:22:55.445root 11241100x8000000000000000336645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9927556bc7be80d42021-12-21 10:22:55.445root 11241100x8000000000000000336646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac1a51371c2acf42021-12-21 10:22:55.445root 11241100x8000000000000000336647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74977a63f8bdc292021-12-21 10:22:55.445root 11241100x8000000000000000336648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f6f886cefa0d072021-12-21 10:22:55.445root 11241100x8000000000000000336649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d11cb61b69fcc252021-12-21 10:22:55.445root 11241100x8000000000000000336650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7446936fd1e9f8452021-12-21 10:22:55.445root 11241100x8000000000000000336651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a892f3aff72ccd62021-12-21 10:22:55.445root 11241100x8000000000000000336652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1ded4ba4da31132021-12-21 10:22:55.445root 11241100x8000000000000000336653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a1863f4c1dd2172021-12-21 10:22:55.445root 11241100x8000000000000000336654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18b7bf99387db9f2021-12-21 10:22:55.446root 11241100x8000000000000000336655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83529b34593b0cf62021-12-21 10:22:55.943root 11241100x8000000000000000336656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66f45a26c324c5c2021-12-21 10:22:55.943root 11241100x8000000000000000336657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d47a2b9d80e148a2021-12-21 10:22:55.944root 11241100x8000000000000000336658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ee9ce29d31cc582021-12-21 10:22:55.944root 11241100x8000000000000000336659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1e7fd1a23324f72021-12-21 10:22:55.944root 11241100x8000000000000000336660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b19b68d42ea21c2021-12-21 10:22:55.944root 11241100x8000000000000000336661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1226ce89ede1f6c92021-12-21 10:22:55.944root 11241100x8000000000000000336662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd70ca925c4d40f2021-12-21 10:22:55.944root 11241100x8000000000000000336663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5efd71b706f48ad2021-12-21 10:22:55.944root 11241100x8000000000000000336664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29d0f3c427c57c22021-12-21 10:22:55.944root 11241100x8000000000000000336665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b1fe8e64f08f562021-12-21 10:22:55.944root 11241100x8000000000000000336666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8fd670d70e4e102021-12-21 10:22:55.944root 11241100x8000000000000000336667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4997237d7d1ea42021-12-21 10:22:55.944root 11241100x8000000000000000336668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fa097e914dbf1f2021-12-21 10:22:55.945root 11241100x8000000000000000336669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17c2b94ceff5e722021-12-21 10:22:55.945root 11241100x8000000000000000336670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0925f19e053c15a2021-12-21 10:22:55.945root 11241100x8000000000000000336671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e073ff817889ff622021-12-21 10:22:55.945root 11241100x8000000000000000336672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd5eeaaed34cbc92021-12-21 10:22:55.945root 11241100x8000000000000000336673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab90d2443a590792021-12-21 10:22:55.945root 11241100x8000000000000000336674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7af28c54484df42021-12-21 10:22:55.945root 11241100x8000000000000000336675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7e90f46e7bb8052021-12-21 10:22:55.945root 11241100x8000000000000000336676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951e0518a3d374682021-12-21 10:22:55.945root 11241100x8000000000000000336677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b8cfc668ccda0b2021-12-21 10:22:56.443root 11241100x8000000000000000336678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c2da7868eb38262021-12-21 10:22:56.443root 11241100x8000000000000000336679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d306a9843530dd292021-12-21 10:22:56.443root 11241100x8000000000000000336680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae7fb150bee23c02021-12-21 10:22:56.443root 11241100x8000000000000000336681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10c19b621dded202021-12-21 10:22:56.443root 11241100x8000000000000000336682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af3a9238bc20fbe2021-12-21 10:22:56.443root 11241100x8000000000000000336683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f182a135f980f35c2021-12-21 10:22:56.443root 11241100x8000000000000000336684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd74b01ddda6e7212021-12-21 10:22:56.444root 11241100x8000000000000000336685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd34f2aa0c2a388d2021-12-21 10:22:56.444root 11241100x8000000000000000336686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc2be4f594904c72021-12-21 10:22:56.444root 11241100x8000000000000000336687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e6d834a2ec40912021-12-21 10:22:56.444root 11241100x8000000000000000336688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c02882f8565f372021-12-21 10:22:56.444root 11241100x8000000000000000336689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48c2a0146b3e6592021-12-21 10:22:56.444root 11241100x8000000000000000336690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a349859d1888e4c92021-12-21 10:22:56.444root 11241100x8000000000000000336691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eab4ee357e1ab12021-12-21 10:22:56.445root 11241100x8000000000000000336692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f524e78e6c4b482e2021-12-21 10:22:56.445root 11241100x8000000000000000336693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82b8fe76e0f2c932021-12-21 10:22:56.445root 11241100x8000000000000000336694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323b540722aa86472021-12-21 10:22:56.445root 11241100x8000000000000000336695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fe64905f18de5f2021-12-21 10:22:56.445root 11241100x8000000000000000336696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78e01c0eb3afe022021-12-21 10:22:56.445root 11241100x8000000000000000336697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0756884164847b5b2021-12-21 10:22:56.445root 11241100x8000000000000000336698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916238d20bd2fa2a2021-12-21 10:22:56.445root 11241100x8000000000000000336699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2360d4304361ba352021-12-21 10:22:56.446root 11241100x8000000000000000336700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defca43de62cf3392021-12-21 10:22:56.446root 11241100x8000000000000000336701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ecf651a16000892021-12-21 10:22:56.446root 11241100x8000000000000000336702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54002404df391392021-12-21 10:22:56.446root 11241100x8000000000000000336703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd8ddb4a90afebb2021-12-21 10:22:56.446root 11241100x8000000000000000336704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89eaa8a0942a19182021-12-21 10:22:56.446root 11241100x8000000000000000336705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16979f9befef8fa52021-12-21 10:22:56.446root 11241100x8000000000000000336706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fff2a0c2dadcf62021-12-21 10:22:56.446root 11241100x8000000000000000336707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3632f70842520e952021-12-21 10:22:56.447root 11241100x8000000000000000336708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b6e678fa93604c2021-12-21 10:22:56.447root 11241100x8000000000000000336709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8767f2cd2f17d5e2021-12-21 10:22:56.447root 11241100x8000000000000000336710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaa1d1b47b6c8462021-12-21 10:22:56.447root 11241100x8000000000000000336711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e93599ed58df0e42021-12-21 10:22:56.447root 11241100x8000000000000000336712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9e007c24af26df2021-12-21 10:22:56.943root 11241100x8000000000000000336713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39ffb6bd41cfe672021-12-21 10:22:56.943root 11241100x8000000000000000336714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170b0e85d1b8d0ee2021-12-21 10:22:56.943root 11241100x8000000000000000336715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bad5bc490628e352021-12-21 10:22:56.943root 11241100x8000000000000000336716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95eca5488681ef752021-12-21 10:22:56.944root 11241100x8000000000000000336717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d7291e4286dffc2021-12-21 10:22:56.944root 11241100x8000000000000000336718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2a87fa4ce70aa52021-12-21 10:22:56.944root 11241100x8000000000000000336719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66515b8fea1012972021-12-21 10:22:56.944root 11241100x8000000000000000336720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04ca8d59441793a2021-12-21 10:22:56.944root 11241100x8000000000000000336721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525747f71d9265c12021-12-21 10:22:56.944root 11241100x8000000000000000336722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975ae5679da0ae9f2021-12-21 10:22:56.944root 11241100x8000000000000000336723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c90a939486638a32021-12-21 10:22:56.944root 11241100x8000000000000000336724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18cca0a28ee99282021-12-21 10:22:56.944root 11241100x8000000000000000336725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf487b50051d9e22021-12-21 10:22:56.944root 11241100x8000000000000000336726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f1bba3cae686e82021-12-21 10:22:56.945root 11241100x8000000000000000336727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aa4c74365c305f2021-12-21 10:22:56.945root 11241100x8000000000000000336728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca0dacf97b1eb492021-12-21 10:22:56.945root 11241100x8000000000000000336729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5a22592867ae692021-12-21 10:22:56.945root 11241100x8000000000000000336730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ad4ee70c2743c82021-12-21 10:22:56.945root 11241100x8000000000000000336731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa91bf595a484c942021-12-21 10:22:56.945root 11241100x8000000000000000336732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb78c6fc8beef982021-12-21 10:22:56.945root 11241100x8000000000000000336733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e955acbb458b84322021-12-21 10:22:56.945root 11241100x8000000000000000336734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7a77029a9d01fc2021-12-21 10:22:57.442root 11241100x8000000000000000336735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550e0cdffb44e9b82021-12-21 10:22:57.443root 11241100x8000000000000000336736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daac3ab926d59d3e2021-12-21 10:22:57.443root 11241100x8000000000000000336737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbcc9f7ef2277492021-12-21 10:22:57.443root 11241100x8000000000000000336738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cb011aac5d69902021-12-21 10:22:57.443root 11241100x8000000000000000336739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819cafb6003a570b2021-12-21 10:22:57.443root 11241100x8000000000000000336740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d86ae1dc570f03a2021-12-21 10:22:57.443root 11241100x8000000000000000336741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ca7f6fdfa206e72021-12-21 10:22:57.444root 11241100x8000000000000000336742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223609f6762202a12021-12-21 10:22:57.444root 11241100x8000000000000000336743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571f144a728e46412021-12-21 10:22:57.444root 11241100x8000000000000000336744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d297837f1f5423d2021-12-21 10:22:57.444root 11241100x8000000000000000336745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38c8ceacb4d70fb2021-12-21 10:22:57.444root 11241100x8000000000000000336746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc053b7d12b36b92021-12-21 10:22:57.444root 11241100x8000000000000000336747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74437afd50fc3f1a2021-12-21 10:22:57.444root 11241100x8000000000000000336748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ea216cdcf66bfb2021-12-21 10:22:57.444root 11241100x8000000000000000336749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ecd7c50f3800192021-12-21 10:22:57.444root 11241100x8000000000000000336750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88603b3e6112a0032021-12-21 10:22:57.444root 11241100x8000000000000000336751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b773dc3873fad61d2021-12-21 10:22:57.445root 11241100x8000000000000000336752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedc6c064cfc27cb2021-12-21 10:22:57.445root 11241100x8000000000000000336753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d26f386c726aa0f2021-12-21 10:22:57.445root 11241100x8000000000000000336754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d3beccdcd157fe2021-12-21 10:22:57.445root 11241100x8000000000000000336755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55aa669698b9cd42021-12-21 10:22:57.445root 11241100x8000000000000000336756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f3b7878f76baf42021-12-21 10:22:57.446root 11241100x8000000000000000336757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e3ecd4c2e83e5e2021-12-21 10:22:57.446root 11241100x8000000000000000336758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733ed5a28e18262a2021-12-21 10:22:57.446root 11241100x8000000000000000336759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80da0e45718f5cd32021-12-21 10:22:57.446root 11241100x8000000000000000336760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2696058c08fe7fd92021-12-21 10:22:57.446root 11241100x8000000000000000336761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80ed71e353182c42021-12-21 10:22:57.446root 11241100x8000000000000000336762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373d5dd0f37206072021-12-21 10:22:57.447root 11241100x8000000000000000336763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d74f91e7e3781e52021-12-21 10:22:57.447root 11241100x8000000000000000336764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45dc1b7f24d5a9512021-12-21 10:22:57.447root 11241100x8000000000000000336765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bf6599cff9429c2021-12-21 10:22:57.447root 11241100x8000000000000000336766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f738eb1da1dc32092021-12-21 10:22:57.447root 11241100x8000000000000000336767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6224da38423a3c962021-12-21 10:22:57.447root 11241100x8000000000000000336768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5509bb0c8767c7f52021-12-21 10:22:57.447root 11241100x8000000000000000336769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663a4919131c99fc2021-12-21 10:22:57.447root 11241100x8000000000000000336770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cfb78ca2314c4b2021-12-21 10:22:57.447root 11241100x8000000000000000336771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0225ddcbea94122021-12-21 10:22:57.448root 11241100x8000000000000000336772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a2b00fe43760a92021-12-21 10:22:57.448root 11241100x8000000000000000336773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3942dd8f2a04792021-12-21 10:22:57.448root 11241100x8000000000000000336774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ad0f0c230978df2021-12-21 10:22:57.448root 11241100x8000000000000000336775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c89935dae6bb0f2021-12-21 10:22:57.448root 11241100x8000000000000000336776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa65bdd5ad5ba1e2021-12-21 10:22:57.943root 11241100x8000000000000000336777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc778ac7f46c29df2021-12-21 10:22:57.943root 11241100x8000000000000000336778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d69f86ce85074c92021-12-21 10:22:57.944root 11241100x8000000000000000336779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40fe24c2151cbe12021-12-21 10:22:57.944root 11241100x8000000000000000336780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036b2c5427ae547e2021-12-21 10:22:57.944root 11241100x8000000000000000336781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd264b2f507dd2cc2021-12-21 10:22:57.944root 11241100x8000000000000000336782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92901f56df57dff02021-12-21 10:22:57.944root 11241100x8000000000000000336783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e2c85ce86466332021-12-21 10:22:57.944root 11241100x8000000000000000336784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7322108960e3e32021-12-21 10:22:57.944root 11241100x8000000000000000336785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db10f1197b2f6172021-12-21 10:22:57.945root 11241100x8000000000000000336786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd72a633d9832cb92021-12-21 10:22:57.945root 11241100x8000000000000000336787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2e6a933d6f19ab2021-12-21 10:22:57.945root 11241100x8000000000000000336788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdac99522a4e4ea2021-12-21 10:22:57.945root 11241100x8000000000000000336789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1a7e6fbf2a66732021-12-21 10:22:57.945root 11241100x8000000000000000336790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe004001a59c6c232021-12-21 10:22:57.945root 11241100x8000000000000000336791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c23f0c4cf4052012021-12-21 10:22:57.946root 11241100x8000000000000000336792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f07688f896260e12021-12-21 10:22:57.946root 11241100x8000000000000000336793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da2a614f33a7cc72021-12-21 10:22:57.946root 11241100x8000000000000000336794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7417b3aae3145f52021-12-21 10:22:57.946root 11241100x8000000000000000336795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b407972e9f59b4592021-12-21 10:22:57.946root 11241100x8000000000000000336796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e4f8272456a80c2021-12-21 10:22:57.946root 11241100x8000000000000000336797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef91cb8068b454cd2021-12-21 10:22:57.946root 11241100x8000000000000000336798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d8c8dc6271ba9c2021-12-21 10:22:57.946root 11241100x8000000000000000336799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d310ead4793390ac2021-12-21 10:22:57.947root 11241100x8000000000000000336800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18c03aeb4c72c292021-12-21 10:22:58.443root 11241100x8000000000000000336801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1961cab289aaec0e2021-12-21 10:22:58.443root 11241100x8000000000000000336802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a49599410a160ee2021-12-21 10:22:58.443root 11241100x8000000000000000336803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3813e18cdc4a3a9b2021-12-21 10:22:58.444root 11241100x8000000000000000336804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111247defd97ad1d2021-12-21 10:22:58.445root 11241100x8000000000000000336805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445ecb05df5ff2d72021-12-21 10:22:58.445root 11241100x8000000000000000336806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c144da62917115c2021-12-21 10:22:58.445root 11241100x8000000000000000336807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e123386fe18a83262021-12-21 10:22:58.445root 11241100x8000000000000000336808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ad6b5654652e6a2021-12-21 10:22:58.446root 11241100x8000000000000000336809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3629c2a2fcdf7c2021-12-21 10:22:58.446root 11241100x8000000000000000336810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e61b67eb9e7731d2021-12-21 10:22:58.446root 11241100x8000000000000000336811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c654e8aa2ceec122021-12-21 10:22:58.447root 11241100x8000000000000000336812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb82ba9c2da7b97b2021-12-21 10:22:58.447root 11241100x8000000000000000336813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb3b40d7466f7032021-12-21 10:22:58.447root 11241100x8000000000000000336814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1821ede13a1e07b02021-12-21 10:22:58.447root 11241100x8000000000000000336815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4f9ebf2fcddd2a2021-12-21 10:22:58.447root 11241100x8000000000000000336816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4f248e5b8af9f82021-12-21 10:22:58.447root 11241100x8000000000000000336817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c8a3efccc713482021-12-21 10:22:58.448root 11241100x8000000000000000336818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760c9090659a28502021-12-21 10:22:58.448root 11241100x8000000000000000336819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d127f94b9ecf360e2021-12-21 10:22:58.448root 11241100x8000000000000000336820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455a33a5be4a3d842021-12-21 10:22:58.448root 11241100x8000000000000000336821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccc6c87adb3880f2021-12-21 10:22:58.448root 11241100x8000000000000000336822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd5962c7539529c2021-12-21 10:22:58.448root 11241100x8000000000000000336823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76639f7b35b339cb2021-12-21 10:22:58.448root 11241100x8000000000000000336824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a861c9be1afb91472021-12-21 10:22:58.449root 11241100x8000000000000000336825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d1a0ce22da47622021-12-21 10:22:58.943root 11241100x8000000000000000336826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952c45c980bd0b772021-12-21 10:22:58.943root 11241100x8000000000000000336827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b470b91f14856ab32021-12-21 10:22:58.944root 11241100x8000000000000000336828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fef548623b1a0762021-12-21 10:22:58.944root 11241100x8000000000000000336829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87797dcaf11c6c372021-12-21 10:22:58.944root 11241100x8000000000000000336830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfea01bb4c03cb02021-12-21 10:22:58.944root 11241100x8000000000000000336831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c4dcf945f13c0c2021-12-21 10:22:58.944root 11241100x8000000000000000336832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c161e2a7add7852021-12-21 10:22:58.944root 11241100x8000000000000000336833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad74c7b1ebd7a8d42021-12-21 10:22:58.944root 11241100x8000000000000000336834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e145a158323d6892021-12-21 10:22:58.944root 11241100x8000000000000000336835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4572416aa88c91b2021-12-21 10:22:58.944root 11241100x8000000000000000336836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dd2c37184f57842021-12-21 10:22:58.944root 11241100x8000000000000000336837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfb86ce02c8a2882021-12-21 10:22:58.944root 11241100x8000000000000000336838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdd98bb0bda75bd2021-12-21 10:22:58.944root 11241100x8000000000000000336839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281e54122bc41d682021-12-21 10:22:58.945root 11241100x8000000000000000336840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d481517b30f2dffc2021-12-21 10:22:58.945root 11241100x8000000000000000336841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa7becd359e5fb52021-12-21 10:22:58.945root 11241100x8000000000000000336842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cec5a2519697d02021-12-21 10:22:58.945root 11241100x8000000000000000336843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3feaa260340da6b2021-12-21 10:22:58.945root 11241100x8000000000000000336844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb06f556f288fc02021-12-21 10:22:58.945root 11241100x8000000000000000336845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc6fddf64299ba02021-12-21 10:22:58.945root 11241100x8000000000000000336846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8579eec6fa87488f2021-12-21 10:22:58.945root 11241100x8000000000000000336847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d2acf43645274c2021-12-21 10:22:59.443root 11241100x8000000000000000336848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a3566becca93562021-12-21 10:22:59.443root 11241100x8000000000000000336849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd425578779725802021-12-21 10:22:59.444root 11241100x8000000000000000336850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2a6fb955d584f72021-12-21 10:22:59.444root 11241100x8000000000000000336851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c666a53d21604be22021-12-21 10:22:59.444root 11241100x8000000000000000336852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e496277d65e5e18a2021-12-21 10:22:59.444root 11241100x8000000000000000336853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1207188699a572e2021-12-21 10:22:59.444root 11241100x8000000000000000336854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a2905db49023802021-12-21 10:22:59.445root 11241100x8000000000000000336855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01084f1192f2c5a12021-12-21 10:22:59.445root 11241100x8000000000000000336856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d0147f32cf66ec2021-12-21 10:22:59.445root 11241100x8000000000000000336857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8921f4180ad736062021-12-21 10:22:59.445root 11241100x8000000000000000336858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ea4168551d0dd82021-12-21 10:22:59.445root 11241100x8000000000000000336859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1428282b593afd2021-12-21 10:22:59.445root 11241100x8000000000000000336860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e786d6d18b98ef0c2021-12-21 10:22:59.445root 11241100x8000000000000000336861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e7fdef0a00fcab2021-12-21 10:22:59.445root 11241100x8000000000000000336862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6422f7625b552ebc2021-12-21 10:22:59.445root 11241100x8000000000000000336863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b18c2876a3735f2021-12-21 10:22:59.445root 11241100x8000000000000000336864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81f57509153ade22021-12-21 10:22:59.446root 11241100x8000000000000000336865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a21c5c9da3ba592021-12-21 10:22:59.446root 11241100x8000000000000000336866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005a7905d70180de2021-12-21 10:22:59.446root 11241100x8000000000000000336867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718271fee3b473352021-12-21 10:22:59.446root 11241100x8000000000000000336868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c230e346b8bc812021-12-21 10:22:59.446root 11241100x8000000000000000336869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65b3134c0abfd002021-12-21 10:22:59.446root 11241100x8000000000000000336870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01127ae340070b32021-12-21 10:22:59.943root 11241100x8000000000000000336871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f433a89734292d72021-12-21 10:22:59.943root 11241100x8000000000000000336872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a4a0983bb7cad62021-12-21 10:22:59.943root 11241100x8000000000000000336873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1681f1e6198b4c582021-12-21 10:22:59.943root 11241100x8000000000000000336874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e50776fb5e8e612021-12-21 10:22:59.944root 11241100x8000000000000000336875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48360ee63beb63562021-12-21 10:22:59.944root 11241100x8000000000000000336876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c5cf10b57ad1162021-12-21 10:22:59.944root 11241100x8000000000000000336877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305b41922379b9eb2021-12-21 10:22:59.944root 11241100x8000000000000000336878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9659a4692dadc3402021-12-21 10:22:59.944root 11241100x8000000000000000336879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b1cee3d3110e772021-12-21 10:22:59.944root 11241100x8000000000000000336880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cbc5ea4c448a102021-12-21 10:22:59.945root 11241100x8000000000000000336881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7e4d81e20c630c2021-12-21 10:22:59.945root 11241100x8000000000000000336882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfde0ab22ba96db2021-12-21 10:22:59.945root 11241100x8000000000000000336883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556d6e93ad6535c22021-12-21 10:22:59.945root 11241100x8000000000000000336884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cde3467069ec092021-12-21 10:22:59.945root 11241100x8000000000000000336885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12f295911afeaf82021-12-21 10:22:59.945root 11241100x8000000000000000336886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a260a154a56e66fb2021-12-21 10:22:59.945root 11241100x8000000000000000336887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7965ed1f11fb45d92021-12-21 10:22:59.946root 11241100x8000000000000000336888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfeb03d993de64b52021-12-21 10:22:59.946root 11241100x8000000000000000336889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800553d7e25439d82021-12-21 10:22:59.946root 11241100x8000000000000000336890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b42daa10f7264632021-12-21 10:22:59.946root 11241100x8000000000000000336891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bf588494503b242021-12-21 10:22:59.946root 11241100x8000000000000000336892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd8d9dc417925cf2021-12-21 10:23:00.443root 11241100x8000000000000000336893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955e0b2c02d9ef982021-12-21 10:23:00.443root 11241100x8000000000000000336894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea898f66a7e4bc5a2021-12-21 10:23:00.443root 11241100x8000000000000000336895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c23b9a3c6bb8bb2021-12-21 10:23:00.443root 11241100x8000000000000000336896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0ae101828d9fef2021-12-21 10:23:00.444root 11241100x8000000000000000336897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284b64737263ac4d2021-12-21 10:23:00.444root 11241100x8000000000000000336898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fa37c6fe36c7a12021-12-21 10:23:00.444root 11241100x8000000000000000336899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33da95e7fb4b3d652021-12-21 10:23:00.444root 11241100x8000000000000000336900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8ce138ae36ff262021-12-21 10:23:00.444root 11241100x8000000000000000336901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4ec71f6e9e53442021-12-21 10:23:00.444root 11241100x8000000000000000336902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712d3546026c42bb2021-12-21 10:23:00.444root 11241100x8000000000000000336903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dd74d2cc7e444c2021-12-21 10:23:00.445root 11241100x8000000000000000336904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d9dc39ba4e544e2021-12-21 10:23:00.445root 11241100x8000000000000000336905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9309684a1b96d92021-12-21 10:23:00.445root 11241100x8000000000000000336906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081ac45dbc554ad72021-12-21 10:23:00.445root 11241100x8000000000000000336907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01aaa3c2a629fe342021-12-21 10:23:00.445root 11241100x8000000000000000336908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7674ae41bdececc2021-12-21 10:23:00.445root 11241100x8000000000000000336909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c4f0494f6ab3142021-12-21 10:23:00.446root 11241100x8000000000000000336910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00838d70f9a21b132021-12-21 10:23:00.447root 11241100x8000000000000000336911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd0233b8a8998582021-12-21 10:23:00.447root 11241100x8000000000000000336912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0859bf11e4a82dd2021-12-21 10:23:00.447root 11241100x8000000000000000336913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19350c592a9bc6fd2021-12-21 10:23:00.447root 11241100x8000000000000000336914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76655095093a970a2021-12-21 10:23:00.447root 11241100x8000000000000000336915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b60a41e90b59c52021-12-21 10:23:00.943root 11241100x8000000000000000336916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23aeda116d0294362021-12-21 10:23:00.943root 11241100x8000000000000000336917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f5d307bdb1df6e2021-12-21 10:23:00.944root 11241100x8000000000000000336918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6d2124bb077a762021-12-21 10:23:00.944root 11241100x8000000000000000336919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878414efb5d1213e2021-12-21 10:23:00.944root 11241100x8000000000000000336920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0657d82b3657e7e32021-12-21 10:23:00.945root 11241100x8000000000000000336921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7812d3b3ef1302ac2021-12-21 10:23:00.945root 11241100x8000000000000000336922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68c253c561affd52021-12-21 10:23:00.945root 11241100x8000000000000000336923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5f137ce87abf322021-12-21 10:23:00.945root 11241100x8000000000000000336924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e329dba3ef8e71d2021-12-21 10:23:00.945root 11241100x8000000000000000336925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7991da95118d7c52021-12-21 10:23:00.945root 11241100x8000000000000000336926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c80d67dedf538d82021-12-21 10:23:00.945root 11241100x8000000000000000336927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52b98e027214f0b2021-12-21 10:23:00.945root 11241100x8000000000000000336928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea650059e44e8042021-12-21 10:23:00.945root 11241100x8000000000000000336929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9e594e7daa0c2d2021-12-21 10:23:00.945root 11241100x8000000000000000336930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e5188580dd75862021-12-21 10:23:00.946root 11241100x8000000000000000336931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221641fee8c0c71c2021-12-21 10:23:00.946root 11241100x8000000000000000336932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2af48fc01cd4d582021-12-21 10:23:00.946root 11241100x8000000000000000336933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0fe3659757816c2021-12-21 10:23:00.946root 11241100x8000000000000000336934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c6234e65668ef72021-12-21 10:23:00.946root 11241100x8000000000000000336935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f79cb8de5749c22021-12-21 10:23:00.946root 11241100x8000000000000000336936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa44b7a18a193ac2021-12-21 10:23:00.946root 354300x8000000000000000336937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.074{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47018-false10.0.1.12-8000- 11241100x8000000000000000336938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60ce7494b05951c2021-12-21 10:23:01.443root 11241100x8000000000000000336939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f2b116871ad5852021-12-21 10:23:01.443root 11241100x8000000000000000336940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77da66abcc103d3a2021-12-21 10:23:01.443root 11241100x8000000000000000336941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd9f5410514c0ad2021-12-21 10:23:01.444root 11241100x8000000000000000336942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d465bef47f1958882021-12-21 10:23:01.444root 11241100x8000000000000000336943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c049e4ba7348e5452021-12-21 10:23:01.444root 11241100x8000000000000000336944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8f95d9f8b85dfd2021-12-21 10:23:01.444root 11241100x8000000000000000336945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff59a3cc6a1e2c302021-12-21 10:23:01.444root 11241100x8000000000000000336946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026cc0b9b91f83ad2021-12-21 10:23:01.444root 11241100x8000000000000000336947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a0e7ab9fbbbc362021-12-21 10:23:01.444root 11241100x8000000000000000336948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ccf7b7f131eb162021-12-21 10:23:01.444root 11241100x8000000000000000336949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cda4f5147344e72021-12-21 10:23:01.444root 11241100x8000000000000000336950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bef8bfc72df636b2021-12-21 10:23:01.444root 11241100x8000000000000000336951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795f0cf352a4d9ae2021-12-21 10:23:01.444root 11241100x8000000000000000336952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9528f66a852263132021-12-21 10:23:01.445root 11241100x8000000000000000336953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fef8f7262024ccd2021-12-21 10:23:01.445root 11241100x8000000000000000336954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ba21a6df4484eb2021-12-21 10:23:01.445root 11241100x8000000000000000336955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa07468fa6a945b2021-12-21 10:23:01.445root 11241100x8000000000000000336956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1a9d7f1e9e30342021-12-21 10:23:01.445root 11241100x8000000000000000336957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ee8250a4ba90152021-12-21 10:23:01.445root 11241100x8000000000000000336958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590c0685d2d2a4562021-12-21 10:23:01.445root 11241100x8000000000000000336959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81f0042a65868572021-12-21 10:23:01.445root 11241100x8000000000000000336960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365c2eaef44326492021-12-21 10:23:01.445root 11241100x8000000000000000336961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6d3fad7ef8b9f22021-12-21 10:23:01.943root 11241100x8000000000000000336962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58a60c65b20732d2021-12-21 10:23:01.943root 11241100x8000000000000000336963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832505377a13b0722021-12-21 10:23:01.944root 11241100x8000000000000000336964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9a16905299083b2021-12-21 10:23:01.944root 11241100x8000000000000000336965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cc5719fffb54cd2021-12-21 10:23:01.944root 11241100x8000000000000000336966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baf5ba2faba529c2021-12-21 10:23:01.944root 11241100x8000000000000000336967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584faa575866f7d52021-12-21 10:23:01.944root 11241100x8000000000000000336968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1b0a90faff87ad2021-12-21 10:23:01.944root 11241100x8000000000000000336969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce93fdc30ea683c22021-12-21 10:23:01.944root 11241100x8000000000000000336970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ae92116c4218882021-12-21 10:23:01.944root 11241100x8000000000000000336971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011ba6a3c48405282021-12-21 10:23:01.945root 11241100x8000000000000000336972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b3159eb4a4627b2021-12-21 10:23:01.945root 11241100x8000000000000000336973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1e0f228010ead72021-12-21 10:23:01.945root 11241100x8000000000000000336974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57575a75fddcb57c2021-12-21 10:23:01.945root 11241100x8000000000000000336975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86cd21d60d9ee652021-12-21 10:23:01.945root 11241100x8000000000000000336976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fac40f68cbf30522021-12-21 10:23:01.945root 11241100x8000000000000000336977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a44163cc301e1e2021-12-21 10:23:01.945root 11241100x8000000000000000336978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164cc7b905da531b2021-12-21 10:23:01.945root 11241100x8000000000000000336979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1490d0227d6d9c7b2021-12-21 10:23:01.945root 11241100x8000000000000000336980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40c18df909924ac2021-12-21 10:23:01.945root 11241100x8000000000000000336981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0d3213950f11a22021-12-21 10:23:01.945root 11241100x8000000000000000336982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b816cd903f237a92021-12-21 10:23:01.946root 11241100x8000000000000000336983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2a0e7c88db6af62021-12-21 10:23:01.946root 11241100x8000000000000000336984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99905e20bbd57662021-12-21 10:23:01.946root 11241100x8000000000000000336985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45eb4b04179e1392021-12-21 10:23:01.946root 11241100x8000000000000000336986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27f7b15bc5f0ceb2021-12-21 10:23:02.443root 11241100x8000000000000000336987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589d2da1b4d26e142021-12-21 10:23:02.443root 11241100x8000000000000000336988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1c6f9de8dd8f9a2021-12-21 10:23:02.443root 11241100x8000000000000000336989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e905cfd89d0191e02021-12-21 10:23:02.443root 11241100x8000000000000000336990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f629afc3706eb842021-12-21 10:23:02.444root 11241100x8000000000000000336991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46826af85a2e2c692021-12-21 10:23:02.444root 11241100x8000000000000000336992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91ad98b2518adca2021-12-21 10:23:02.444root 11241100x8000000000000000336993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceed07cb1911f932021-12-21 10:23:02.444root 11241100x8000000000000000336994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f67dd4d2e2adc7c2021-12-21 10:23:02.444root 11241100x8000000000000000336995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a082f2c5206d85492021-12-21 10:23:02.444root 11241100x8000000000000000336996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7db21f0da1fa4832021-12-21 10:23:02.444root 11241100x8000000000000000336997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c54f950216e3c22021-12-21 10:23:02.445root 11241100x8000000000000000336998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5abf4816c86ce42021-12-21 10:23:02.445root 11241100x8000000000000000336999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992f1a28f87bdf9c2021-12-21 10:23:02.445root 11241100x8000000000000000337000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6750cff1a7ba9e2021-12-21 10:23:02.445root 11241100x8000000000000000337001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813c3ac1ee272c9e2021-12-21 10:23:02.445root 11241100x8000000000000000337002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c71c211ebd12d02021-12-21 10:23:02.445root 11241100x8000000000000000337003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3939a222bff3682021-12-21 10:23:02.446root 11241100x8000000000000000337004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b5f69770273e7f2021-12-21 10:23:02.446root 11241100x8000000000000000337005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4e07ad3150eac82021-12-21 10:23:02.446root 11241100x8000000000000000337006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76866e0c226b16402021-12-21 10:23:02.446root 11241100x8000000000000000337007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad74bf81a2a8fb52021-12-21 10:23:02.446root 11241100x8000000000000000337008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6623475c35dd2b02021-12-21 10:23:02.446root 11241100x8000000000000000337009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72435cff6a8fef22021-12-21 10:23:02.943root 11241100x8000000000000000337010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e3fce401e712f02021-12-21 10:23:02.944root 11241100x8000000000000000337011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fff03248e6504cc2021-12-21 10:23:02.944root 11241100x8000000000000000337012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9b36318d4b77042021-12-21 10:23:02.944root 11241100x8000000000000000337013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39e75f0a30c50b62021-12-21 10:23:02.944root 11241100x8000000000000000337014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70bbe49d63e09482021-12-21 10:23:02.944root 11241100x8000000000000000337015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3078d37805fd0692021-12-21 10:23:02.944root 11241100x8000000000000000337016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00df452bba40b5302021-12-21 10:23:02.945root 11241100x8000000000000000337017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f69fecbc22edb562021-12-21 10:23:02.945root 11241100x8000000000000000337018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823555c3385d013c2021-12-21 10:23:02.945root 11241100x8000000000000000337019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d4f985daa9b0d22021-12-21 10:23:02.945root 11241100x8000000000000000337020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49efa347634664b72021-12-21 10:23:02.945root 11241100x8000000000000000337021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf6d25ae1e7c63f2021-12-21 10:23:02.945root 11241100x8000000000000000337022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5ed3006f04d1892021-12-21 10:23:02.945root 11241100x8000000000000000337023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e2b996b648a28c2021-12-21 10:23:02.946root 11241100x8000000000000000337024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deeb266c010e163a2021-12-21 10:23:02.946root 11241100x8000000000000000337025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32c2eec230e2e312021-12-21 10:23:02.946root 11241100x8000000000000000337026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582e4645ddeb00e12021-12-21 10:23:02.946root 11241100x8000000000000000337027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4663b945bbb04d62021-12-21 10:23:02.946root 11241100x8000000000000000337028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52e3472b3ee30492021-12-21 10:23:02.947root 11241100x8000000000000000337029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82898f5e52b7c6732021-12-21 10:23:02.947root 11241100x8000000000000000337030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7aaa3a63de5b342021-12-21 10:23:02.947root 11241100x8000000000000000337031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e26e4dc1386e802021-12-21 10:23:02.947root 11241100x8000000000000000337032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50001f17e259e8a72021-12-21 10:23:03.442root 11241100x8000000000000000337033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ed2d3bb437bb362021-12-21 10:23:03.443root 11241100x8000000000000000337034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7859c1c723efcb892021-12-21 10:23:03.443root 11241100x8000000000000000337035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3333e122c4bb9f2a2021-12-21 10:23:03.444root 11241100x8000000000000000337036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f472facb89037f682021-12-21 10:23:03.444root 11241100x8000000000000000337037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47567ac876bccbf2021-12-21 10:23:03.444root 11241100x8000000000000000337038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8be3bb6eaa716a2021-12-21 10:23:03.444root 11241100x8000000000000000337039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16384ac46059d5652021-12-21 10:23:03.445root 11241100x8000000000000000337040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee3866eaabebe3e2021-12-21 10:23:03.445root 11241100x8000000000000000337041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba19b7499fe63f422021-12-21 10:23:03.445root 11241100x8000000000000000337042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19c3e2603e8ce202021-12-21 10:23:03.446root 11241100x8000000000000000337043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d208c1641b6a17da2021-12-21 10:23:03.446root 11241100x8000000000000000337044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25aaaf2b13909b7d2021-12-21 10:23:03.446root 11241100x8000000000000000337045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207d268a13ccbbec2021-12-21 10:23:03.446root 11241100x8000000000000000337046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc963a453fc42492021-12-21 10:23:03.446root 11241100x8000000000000000337047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a614ba38b06bb45b2021-12-21 10:23:03.447root 11241100x8000000000000000337048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a997cc771561f9992021-12-21 10:23:03.447root 11241100x8000000000000000337049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5ab517588e07f52021-12-21 10:23:03.447root 11241100x8000000000000000337050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7fb2e6696c4c632021-12-21 10:23:03.447root 11241100x8000000000000000337051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2094a508acba29322021-12-21 10:23:03.447root 11241100x8000000000000000337052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab11473d2632316f2021-12-21 10:23:03.448root 11241100x8000000000000000337053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153156b1b000ec962021-12-21 10:23:03.448root 11241100x8000000000000000337054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb0cbf4b51d058b2021-12-21 10:23:03.448root 11241100x8000000000000000337055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946aab7d9f4b84422021-12-21 10:23:03.448root 11241100x8000000000000000337056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f395f63ba9f472d42021-12-21 10:23:03.448root 11241100x8000000000000000337057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635befb9ba474f562021-12-21 10:23:03.448root 11241100x8000000000000000337058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4864ebd38324a52021-12-21 10:23:03.448root 11241100x8000000000000000337059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c010ee42523ac4672021-12-21 10:23:03.943root 11241100x8000000000000000337060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac87b484843667a62021-12-21 10:23:03.943root 11241100x8000000000000000337061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ade242c9a025962021-12-21 10:23:03.943root 11241100x8000000000000000337062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc70dfec29639f92021-12-21 10:23:03.943root 11241100x8000000000000000337063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c699fafb85a11ce2021-12-21 10:23:03.943root 11241100x8000000000000000337064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5db1064170d42d42021-12-21 10:23:03.944root 11241100x8000000000000000337065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1549014e31b19672021-12-21 10:23:03.944root 11241100x8000000000000000337066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d870ce8afbcd13282021-12-21 10:23:03.944root 11241100x8000000000000000337067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a3d14a3763c1912021-12-21 10:23:03.944root 11241100x8000000000000000337068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e392fae19ab9542021-12-21 10:23:03.944root 11241100x8000000000000000337069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bf1dfb51df90852021-12-21 10:23:03.944root 11241100x8000000000000000337070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71391140f92ed4f62021-12-21 10:23:03.944root 11241100x8000000000000000337071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33f014610a9b81c2021-12-21 10:23:03.944root 11241100x8000000000000000337072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb486edbb4be34a2021-12-21 10:23:03.944root 11241100x8000000000000000337073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481111f5e2c78ceb2021-12-21 10:23:03.944root 11241100x8000000000000000337074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa410a920a4d41b2021-12-21 10:23:03.945root 11241100x8000000000000000337075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f297866e0b24152021-12-21 10:23:03.945root 11241100x8000000000000000337076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234bd60b19e467b52021-12-21 10:23:03.945root 11241100x8000000000000000337077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce6fce21f5542a82021-12-21 10:23:03.945root 11241100x8000000000000000337078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc223779b8c3e382021-12-21 10:23:03.945root 11241100x8000000000000000337079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39552f23eab7b1202021-12-21 10:23:03.945root 11241100x8000000000000000337080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f39e20ddb36a782021-12-21 10:23:03.945root 11241100x8000000000000000337081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf4f5819c2d15a12021-12-21 10:23:03.945root 11241100x8000000000000000337082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4f385c9dcc48de2021-12-21 10:23:03.946root 11241100x8000000000000000337083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3122777070e717822021-12-21 10:23:04.443root 11241100x8000000000000000337084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48866c5012f9f0852021-12-21 10:23:04.443root 11241100x8000000000000000337085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65afa7ad9374d21c2021-12-21 10:23:04.443root 11241100x8000000000000000337086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0243766732a13d32021-12-21 10:23:04.443root 11241100x8000000000000000337087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73cf39bac0c2a232021-12-21 10:23:04.443root 11241100x8000000000000000337088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bc462f5b7190912021-12-21 10:23:04.443root 11241100x8000000000000000337089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b4d67622611d132021-12-21 10:23:04.443root 11241100x8000000000000000337090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bcde91ccb1f4512021-12-21 10:23:04.444root 11241100x8000000000000000337091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b67f354aa14c652021-12-21 10:23:04.444root 11241100x8000000000000000337092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28fe3453e111c792021-12-21 10:23:04.444root 11241100x8000000000000000337093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4a0bef0b12a2222021-12-21 10:23:04.444root 11241100x8000000000000000337094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34a49af9d5eaeb62021-12-21 10:23:04.444root 11241100x8000000000000000337095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad923b2b8a2763b2021-12-21 10:23:04.444root 11241100x8000000000000000337096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e3360107d4a1872021-12-21 10:23:04.444root 11241100x8000000000000000337097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb871adf90313ba2021-12-21 10:23:04.445root 11241100x8000000000000000337098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae67992a21ce8412021-12-21 10:23:04.445root 11241100x8000000000000000337099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b8a851f455531f2021-12-21 10:23:04.445root 11241100x8000000000000000337100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe73db4060054d7e2021-12-21 10:23:04.445root 11241100x8000000000000000337101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ba7b1d3203e0792021-12-21 10:23:04.445root 11241100x8000000000000000337102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42eb78dfcd51cf402021-12-21 10:23:04.445root 11241100x8000000000000000337103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4047a212b15e7a632021-12-21 10:23:04.446root 11241100x8000000000000000337104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58afaf7348b7e922021-12-21 10:23:04.446root 11241100x8000000000000000337105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d9c5aa31c906ed2021-12-21 10:23:04.446root 11241100x8000000000000000337106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703ca094119662b92021-12-21 10:23:04.447root 11241100x8000000000000000337107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00b676d396867772021-12-21 10:23:04.447root 11241100x8000000000000000337108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e142a7dc531ff902021-12-21 10:23:04.447root 11241100x8000000000000000337109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4464c0c9cc8bcb2021-12-21 10:23:04.447root 11241100x8000000000000000337110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee4746f0e0e0db72021-12-21 10:23:04.447root 11241100x8000000000000000337111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa4b18d9f5eeffd2021-12-21 10:23:04.447root 11241100x8000000000000000337112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c1ead4e8c46c672021-12-21 10:23:04.943root 11241100x8000000000000000337113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4a7f0c2e5c299e2021-12-21 10:23:04.943root 11241100x8000000000000000337114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd349c80dedb1e412021-12-21 10:23:04.943root 11241100x8000000000000000337115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfc1a01fb9921002021-12-21 10:23:04.943root 11241100x8000000000000000337116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883d5a97b1930d352021-12-21 10:23:04.943root 11241100x8000000000000000337117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91050f4e23d41c4d2021-12-21 10:23:04.943root 11241100x8000000000000000337118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd99d2951ffb7f5c2021-12-21 10:23:04.944root 11241100x8000000000000000337119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26c044a6e7fca7b2021-12-21 10:23:04.944root 11241100x8000000000000000337120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b540c0bf72152a62021-12-21 10:23:04.944root 11241100x8000000000000000337121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53892c6778fc5f992021-12-21 10:23:04.944root 11241100x8000000000000000337122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ab25d87bb972a82021-12-21 10:23:04.944root 11241100x8000000000000000337123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7f36287fdb9bc92021-12-21 10:23:04.944root 11241100x8000000000000000337124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94be086886723e52021-12-21 10:23:04.944root 11241100x8000000000000000337125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62aad24bd7522f2a2021-12-21 10:23:04.944root 11241100x8000000000000000337126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa8a8d91ca935972021-12-21 10:23:04.944root 11241100x8000000000000000337127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545ce5a0d5edb6312021-12-21 10:23:04.944root 11241100x8000000000000000337128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69138e8891136602021-12-21 10:23:04.944root 11241100x8000000000000000337129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb94d3c6b5c98c42021-12-21 10:23:04.945root 11241100x8000000000000000337130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636073c91c2d65b22021-12-21 10:23:04.945root 11241100x8000000000000000337131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5b4fc456089b472021-12-21 10:23:04.945root 11241100x8000000000000000337132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec352e0eeee9fe892021-12-21 10:23:04.945root 11241100x8000000000000000337133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8292d53f18d697492021-12-21 10:23:04.945root 11241100x8000000000000000337134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3f0ee8c92b4eae2021-12-21 10:23:04.945root 11241100x8000000000000000337135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bce2d5767873c5c2021-12-21 10:23:05.443root 11241100x8000000000000000337136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e302d5cb3e2ba2212021-12-21 10:23:05.443root 11241100x8000000000000000337137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef8b0f9b42439082021-12-21 10:23:05.444root 11241100x8000000000000000337138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acac9ac0b78ea0cf2021-12-21 10:23:05.444root 11241100x8000000000000000337139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b21e1a500753832021-12-21 10:23:05.444root 11241100x8000000000000000337140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4941cc3835395b2021-12-21 10:23:05.444root 11241100x8000000000000000337141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d62c4f1cfa3e272021-12-21 10:23:05.444root 11241100x8000000000000000337142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e423057b294e06992021-12-21 10:23:05.444root 11241100x8000000000000000337143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08e54b8bd8005362021-12-21 10:23:05.445root 11241100x8000000000000000337144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6bc5930b73ff3e2021-12-21 10:23:05.445root 11241100x8000000000000000337145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dafeff0090b3f32021-12-21 10:23:05.445root 11241100x8000000000000000337146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d35b5f86f72f8552021-12-21 10:23:05.445root 11241100x8000000000000000337147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8c029dc5a0c29d2021-12-21 10:23:05.446root 11241100x8000000000000000337148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef48d18f02eaf832021-12-21 10:23:05.446root 11241100x8000000000000000337149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a855e26f413ff9e02021-12-21 10:23:05.446root 11241100x8000000000000000337150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f886f0add3e28bb12021-12-21 10:23:05.446root 11241100x8000000000000000337151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f29fbd6cf277f52021-12-21 10:23:05.446root 11241100x8000000000000000337152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b980141865ad61a22021-12-21 10:23:05.446root 11241100x8000000000000000337153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4fa50bf207128e2021-12-21 10:23:05.446root 11241100x8000000000000000337154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48421793b37f0af2021-12-21 10:23:05.446root 11241100x8000000000000000337155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e8ddbd0a395d672021-12-21 10:23:05.447root 11241100x8000000000000000337156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a28cd53d85b71f92021-12-21 10:23:05.448root 11241100x8000000000000000337157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216ad7a14189caba2021-12-21 10:23:05.449root 11241100x8000000000000000337158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6e5ea47dc02c222021-12-21 10:23:05.449root 11241100x8000000000000000337159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22680a852136fad2021-12-21 10:23:05.943root 11241100x8000000000000000337160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbd2b42cd2f91682021-12-21 10:23:05.943root 11241100x8000000000000000337161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f011a546157105d2021-12-21 10:23:05.944root 11241100x8000000000000000337162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0002b8b35780472021-12-21 10:23:05.944root 11241100x8000000000000000337163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73255cb597d2e832021-12-21 10:23:05.944root 11241100x8000000000000000337164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dca5842027b2ca2021-12-21 10:23:05.944root 11241100x8000000000000000337165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570d1bdeb51166582021-12-21 10:23:05.944root 11241100x8000000000000000337166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c399a8c344f8942021-12-21 10:23:05.945root 11241100x8000000000000000337167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11af7e571253178e2021-12-21 10:23:05.945root 11241100x8000000000000000337168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70162b85af2ecf12021-12-21 10:23:05.945root 11241100x8000000000000000337169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d081c178d588c6a2021-12-21 10:23:05.945root 11241100x8000000000000000337170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac4f40e8ab07b2e2021-12-21 10:23:05.945root 11241100x8000000000000000337171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512b8e3e52d9adff2021-12-21 10:23:05.946root 11241100x8000000000000000337172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c23574ab4f363a2021-12-21 10:23:05.946root 11241100x8000000000000000337173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7198dab5e40a3172021-12-21 10:23:05.946root 11241100x8000000000000000337174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66c97b82c02d1742021-12-21 10:23:05.946root 11241100x8000000000000000337175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192bb0ef9dc9bc2d2021-12-21 10:23:05.947root 11241100x8000000000000000337176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b1f372e44392fc2021-12-21 10:23:05.947root 11241100x8000000000000000337177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c763233568ab8b9c2021-12-21 10:23:05.947root 11241100x8000000000000000337178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a31c69653ffc762021-12-21 10:23:05.947root 11241100x8000000000000000337179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba484f645c83e5c22021-12-21 10:23:05.948root 11241100x8000000000000000337180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d67a1a00efad962021-12-21 10:23:05.948root 11241100x8000000000000000337181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549a5d2f334e66eb2021-12-21 10:23:05.948root 354300x8000000000000000337182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.087{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47020-false10.0.1.12-8000- 11241100x8000000000000000337183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.350{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:23:06.350root 11241100x8000000000000000337184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8134181f6963a792021-12-21 10:23:06.351root 11241100x8000000000000000337185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6fbd49df02475d2021-12-21 10:23:06.351root 11241100x8000000000000000337186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1b977293645f902021-12-21 10:23:06.351root 11241100x8000000000000000337187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1422523fe2bd60c92021-12-21 10:23:06.351root 11241100x8000000000000000337188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae20365da16492352021-12-21 10:23:06.352root 11241100x8000000000000000337189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8991426c5cd8aab82021-12-21 10:23:06.352root 11241100x8000000000000000337190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d50f082abec6d22021-12-21 10:23:06.352root 11241100x8000000000000000337191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0c0551883c560b2021-12-21 10:23:06.352root 11241100x8000000000000000337192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3c5d09b171d97b2021-12-21 10:23:06.352root 11241100x8000000000000000337193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe11858bb8abd5fc2021-12-21 10:23:06.352root 11241100x8000000000000000337194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbac6c8e6256f6202021-12-21 10:23:06.352root 11241100x8000000000000000337195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acad15f6d45dde72021-12-21 10:23:06.353root 11241100x8000000000000000337196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4eec8c686e4db22021-12-21 10:23:06.353root 11241100x8000000000000000337197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6a287be84422bd2021-12-21 10:23:06.353root 11241100x8000000000000000337198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da44e959f18b8b2d2021-12-21 10:23:06.353root 11241100x8000000000000000337199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473f764ad07920e12021-12-21 10:23:06.353root 11241100x8000000000000000337200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad89f87f729b0a562021-12-21 10:23:06.354root 11241100x8000000000000000337201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379f37d187bb90fd2021-12-21 10:23:06.354root 11241100x8000000000000000337202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceb4b1cfe0b24d12021-12-21 10:23:06.354root 11241100x8000000000000000337203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb4b2bc4f60a64c2021-12-21 10:23:06.354root 11241100x8000000000000000337204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dbd044989f2cf62021-12-21 10:23:06.355root 11241100x8000000000000000337205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378735e2066997932021-12-21 10:23:06.355root 11241100x8000000000000000337206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d98368bfe16ba52021-12-21 10:23:06.355root 11241100x8000000000000000337207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe70314922157332021-12-21 10:23:06.356root 11241100x8000000000000000337208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd99f6e96af4d15c2021-12-21 10:23:06.356root 11241100x8000000000000000337209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64597f90911f666e2021-12-21 10:23:06.693root 11241100x8000000000000000337210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8d51a33f4f9fc72021-12-21 10:23:06.693root 11241100x8000000000000000337211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e37c9337f3ef73e2021-12-21 10:23:06.693root 11241100x8000000000000000337212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d4c59c54a001662021-12-21 10:23:06.693root 11241100x8000000000000000337213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763ac642fefba8cb2021-12-21 10:23:06.694root 11241100x8000000000000000337214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccce44f20fdb1942021-12-21 10:23:06.694root 11241100x8000000000000000337215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1bd64131d4c7ef2021-12-21 10:23:06.694root 11241100x8000000000000000337216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fde9378f080fe642021-12-21 10:23:06.694root 11241100x8000000000000000337217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b15469d7e29b842021-12-21 10:23:06.694root 11241100x8000000000000000337218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd309df6f88a9702021-12-21 10:23:06.694root 11241100x8000000000000000337219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadba2584491a3ad2021-12-21 10:23:06.694root 11241100x8000000000000000337220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c69832ab304545d2021-12-21 10:23:06.695root 11241100x8000000000000000337221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bd472e78ed15672021-12-21 10:23:06.695root 11241100x8000000000000000337222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33681173ec64674f2021-12-21 10:23:06.695root 11241100x8000000000000000337223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759f540065f0d37e2021-12-21 10:23:06.695root 11241100x8000000000000000337224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d61929deab4b1b2021-12-21 10:23:06.695root 11241100x8000000000000000337225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed48a347ffa843cb2021-12-21 10:23:06.695root 11241100x8000000000000000337226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7db4b3392c27d32021-12-21 10:23:06.695root 11241100x8000000000000000337227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71960ab210bf0752021-12-21 10:23:06.696root 11241100x8000000000000000337228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28aa72855ee49ec22021-12-21 10:23:06.696root 11241100x8000000000000000337229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de9952da9034d502021-12-21 10:23:06.696root 11241100x8000000000000000337230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4abd61f121949c2021-12-21 10:23:06.696root 11241100x8000000000000000337231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c67d6e38c547b7b2021-12-21 10:23:06.696root 11241100x8000000000000000337232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71841a3c945173792021-12-21 10:23:06.696root 11241100x8000000000000000337233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560d67509550080b2021-12-21 10:23:06.697root 11241100x8000000000000000337234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bdb0a32a79d8d62021-12-21 10:23:07.193root 11241100x8000000000000000337235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc38617f5bc81eac2021-12-21 10:23:07.193root 11241100x8000000000000000337236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be5c45a9cb7f5b62021-12-21 10:23:07.193root 11241100x8000000000000000337237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315f782c2c955e6b2021-12-21 10:23:07.193root 11241100x8000000000000000337238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bef69013fd180d62021-12-21 10:23:07.194root 11241100x8000000000000000337239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fb6f723233944d2021-12-21 10:23:07.194root 11241100x8000000000000000337240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bcc2a9504b6b842021-12-21 10:23:07.194root 11241100x8000000000000000337241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9751043baed065e2021-12-21 10:23:07.194root 11241100x8000000000000000337242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e66558594d3cc422021-12-21 10:23:07.194root 11241100x8000000000000000337243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f1da3711a563302021-12-21 10:23:07.194root 11241100x8000000000000000337244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b9bed0add317b52021-12-21 10:23:07.194root 11241100x8000000000000000337245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a393967d0342632021-12-21 10:23:07.194root 11241100x8000000000000000337246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01ef7256980ab1d2021-12-21 10:23:07.195root 11241100x8000000000000000337247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc7b730b19fd1db2021-12-21 10:23:07.195root 11241100x8000000000000000337248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0768c64a7d35f6da2021-12-21 10:23:07.195root 11241100x8000000000000000337249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd15e94dea04618f2021-12-21 10:23:07.195root 11241100x8000000000000000337250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505e6c6800cf89aa2021-12-21 10:23:07.195root 11241100x8000000000000000337251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b009a6561552c42021-12-21 10:23:07.195root 11241100x8000000000000000337252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bab29aea4742a32021-12-21 10:23:07.195root 11241100x8000000000000000337253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99161f7af058cc0f2021-12-21 10:23:07.195root 11241100x8000000000000000337254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca0569a42de9cec2021-12-21 10:23:07.196root 11241100x8000000000000000337255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c43f9d9d5326aab2021-12-21 10:23:07.196root 11241100x8000000000000000337256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39edb03371f939132021-12-21 10:23:07.196root 11241100x8000000000000000337257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ac28f6da4398912021-12-21 10:23:07.196root 11241100x8000000000000000337258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab6f74d1b2665902021-12-21 10:23:07.196root 11241100x8000000000000000337259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34de293a38ac9dc2021-12-21 10:23:07.196root 11241100x8000000000000000337260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a122940ec6d0c5c2021-12-21 10:23:07.693root 11241100x8000000000000000337261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a684ea41253a23682021-12-21 10:23:07.693root 11241100x8000000000000000337262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aace93eba43c6cd2021-12-21 10:23:07.693root 11241100x8000000000000000337263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44899d8cb817cd202021-12-21 10:23:07.693root 11241100x8000000000000000337264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0d6573590e76e82021-12-21 10:23:07.694root 11241100x8000000000000000337265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51c1183d8377ef82021-12-21 10:23:07.694root 11241100x8000000000000000337266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c9b0a4a01a9c122021-12-21 10:23:07.694root 11241100x8000000000000000337267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddfd31ac3604a752021-12-21 10:23:07.694root 11241100x8000000000000000337268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108fbccbdea1c63e2021-12-21 10:23:07.694root 11241100x8000000000000000337269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c2379fd9aba7b72021-12-21 10:23:07.695root 11241100x8000000000000000337270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3bb97b751e6be82021-12-21 10:23:07.695root 11241100x8000000000000000337271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6f4aaf78aaae442021-12-21 10:23:07.695root 11241100x8000000000000000337272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0029d34b8380312021-12-21 10:23:07.695root 11241100x8000000000000000337273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecfad56093006412021-12-21 10:23:07.695root 11241100x8000000000000000337274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a03735f8dea4b32021-12-21 10:23:07.695root 11241100x8000000000000000337275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bf94fc00d6c7ca2021-12-21 10:23:07.696root 11241100x8000000000000000337276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841a66bb10853f982021-12-21 10:23:07.696root 11241100x8000000000000000337277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0848e9651f019ac22021-12-21 10:23:07.696root 11241100x8000000000000000337278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671a061188436d5c2021-12-21 10:23:07.696root 11241100x8000000000000000337279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3575061060bc8d662021-12-21 10:23:07.696root 11241100x8000000000000000337280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b258c2c4d6b57e12021-12-21 10:23:07.696root 11241100x8000000000000000337281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ea5fb39914fbce2021-12-21 10:23:07.697root 11241100x8000000000000000337282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5258fe1ae3b8623b2021-12-21 10:23:07.697root 11241100x8000000000000000337283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b700692e5e78baa2021-12-21 10:23:07.697root 11241100x8000000000000000337284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac0af46ab9bc6c92021-12-21 10:23:07.697root 11241100x8000000000000000337285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467d1da48f7d81b82021-12-21 10:23:08.193root 11241100x8000000000000000337286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8897fa0267b3a9592021-12-21 10:23:08.193root 11241100x8000000000000000337287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc0ea33b63830f92021-12-21 10:23:08.193root 11241100x8000000000000000337288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cc8223c0addd252021-12-21 10:23:08.193root 11241100x8000000000000000337289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9c8a39047413962021-12-21 10:23:08.193root 11241100x8000000000000000337290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92b3b966cf164f92021-12-21 10:23:08.194root 11241100x8000000000000000337291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a4e86d3d4ce89c2021-12-21 10:23:08.194root 11241100x8000000000000000337292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb1dd6018bc1a992021-12-21 10:23:08.194root 11241100x8000000000000000337293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a28ffab089b9382021-12-21 10:23:08.194root 11241100x8000000000000000337294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9332ed3403f0fb2021-12-21 10:23:08.194root 11241100x8000000000000000337295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ebccaa0fbe20762021-12-21 10:23:08.194root 11241100x8000000000000000337296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672582c29a6f73e52021-12-21 10:23:08.194root 11241100x8000000000000000337297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d065d5751c2da0732021-12-21 10:23:08.195root 11241100x8000000000000000337298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997dfbe9afe31c3f2021-12-21 10:23:08.195root 11241100x8000000000000000337299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f994f787011c88d72021-12-21 10:23:08.195root 11241100x8000000000000000337300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95964d1ad81af47d2021-12-21 10:23:08.195root 11241100x8000000000000000337301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358cf563afdfdb542021-12-21 10:23:08.195root 11241100x8000000000000000337302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3776028d68a0aa812021-12-21 10:23:08.195root 11241100x8000000000000000337303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7742b0a4ed9fbda2021-12-21 10:23:08.196root 11241100x8000000000000000337304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e2922a419ee5af2021-12-21 10:23:08.196root 11241100x8000000000000000337305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2aaefafea55400d2021-12-21 10:23:08.196root 11241100x8000000000000000337306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4ecc50509735342021-12-21 10:23:08.196root 11241100x8000000000000000337307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8196d468185572532021-12-21 10:23:08.197root 11241100x8000000000000000337308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c012061aa653973f2021-12-21 10:23:08.197root 11241100x8000000000000000337309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965831e3e8dd24e52021-12-21 10:23:08.197root 11241100x8000000000000000337310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5663e0198ea6bc32021-12-21 10:23:08.198root 11241100x8000000000000000337311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81190b9a66be6c62021-12-21 10:23:08.693root 11241100x8000000000000000337312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613d7dbab06613bc2021-12-21 10:23:08.693root 11241100x8000000000000000337313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd6a74223fb482f2021-12-21 10:23:08.693root 11241100x8000000000000000337314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbccca5838d8d4682021-12-21 10:23:08.693root 11241100x8000000000000000337315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed27628d072fadba2021-12-21 10:23:08.694root 11241100x8000000000000000337316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd51faf08c9f14de2021-12-21 10:23:08.694root 11241100x8000000000000000337317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b084f735fd42a812021-12-21 10:23:08.694root 11241100x8000000000000000337318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c954024cfa2c6d132021-12-21 10:23:08.694root 11241100x8000000000000000337319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42779076b2a8c87b2021-12-21 10:23:08.694root 11241100x8000000000000000337320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f582a843241bc8482021-12-21 10:23:08.694root 11241100x8000000000000000337321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d43d10ee405e6002021-12-21 10:23:08.694root 11241100x8000000000000000337322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f9f661f6162e7b2021-12-21 10:23:08.695root 11241100x8000000000000000337323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd626dc55556b362021-12-21 10:23:08.695root 11241100x8000000000000000337324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c3cec57507adf32021-12-21 10:23:08.695root 11241100x8000000000000000337325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258358a1095923382021-12-21 10:23:08.695root 11241100x8000000000000000337326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a2508d2c62508c2021-12-21 10:23:08.695root 11241100x8000000000000000337327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973dae45834d4b4c2021-12-21 10:23:08.695root 11241100x8000000000000000337328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a10724f1b78ce962021-12-21 10:23:08.696root 11241100x8000000000000000337329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872d825c6259844f2021-12-21 10:23:08.696root 11241100x8000000000000000337330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e71f03930c8cd32021-12-21 10:23:08.696root 11241100x8000000000000000337331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f27d4f05a1b69d62021-12-21 10:23:08.696root 11241100x8000000000000000337332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d66a77da7520f782021-12-21 10:23:08.696root 11241100x8000000000000000337333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8235ec961c498eb2021-12-21 10:23:08.696root 11241100x8000000000000000337334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ea193505b1cc8a2021-12-21 10:23:08.696root 11241100x8000000000000000337335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e555d310b1d703962021-12-21 10:23:08.697root 11241100x8000000000000000337336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264789b9b21264632021-12-21 10:23:08.697root 11241100x8000000000000000337337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f066e5e47023d6372021-12-21 10:23:09.193root 11241100x8000000000000000337338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b472fbbec4f32d2021-12-21 10:23:09.193root 11241100x8000000000000000337339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f33ff5341c9e7882021-12-21 10:23:09.193root 11241100x8000000000000000337340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b28facca80089b42021-12-21 10:23:09.193root 11241100x8000000000000000337341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12385896651713ec2021-12-21 10:23:09.193root 11241100x8000000000000000337342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6b321bb528f1ea2021-12-21 10:23:09.194root 11241100x8000000000000000337343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54aae65ecee835a12021-12-21 10:23:09.194root 11241100x8000000000000000337344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08bcf1a1fc9e0872021-12-21 10:23:09.194root 11241100x8000000000000000337345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e7d148e9685d5d2021-12-21 10:23:09.194root 11241100x8000000000000000337346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca797c4a08b5cc02021-12-21 10:23:09.194root 11241100x8000000000000000337347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ab7ba5954769272021-12-21 10:23:09.194root 11241100x8000000000000000337348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06e3f9545875cab2021-12-21 10:23:09.194root 11241100x8000000000000000337349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7ba976cf496c192021-12-21 10:23:09.195root 11241100x8000000000000000337350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dac4b590331d662021-12-21 10:23:09.195root 11241100x8000000000000000337351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59505aae95fd27d92021-12-21 10:23:09.195root 11241100x8000000000000000337352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e105975fd4a86762021-12-21 10:23:09.195root 11241100x8000000000000000337353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfbc8fa954b9d832021-12-21 10:23:09.195root 11241100x8000000000000000337354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a024101167075082021-12-21 10:23:09.196root 11241100x8000000000000000337355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a99164d67e1bf22021-12-21 10:23:09.196root 11241100x8000000000000000337356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384de25b1240bf322021-12-21 10:23:09.196root 11241100x8000000000000000337357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5bd2850741fcf82021-12-21 10:23:09.196root 11241100x8000000000000000337358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f17fd8b9dffe952021-12-21 10:23:09.196root 11241100x8000000000000000337359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddbeb5c000465f72021-12-21 10:23:09.196root 11241100x8000000000000000337360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220989281b5c0c422021-12-21 10:23:09.197root 11241100x8000000000000000337361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b3a1f30961077f2021-12-21 10:23:09.197root 11241100x8000000000000000337362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a81a7d550218d62021-12-21 10:23:09.197root 23542300x8000000000000000337363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.351{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000337364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa3a4bc4f113e8f2021-12-21 10:23:09.694root 11241100x8000000000000000337365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9585dd23fc276202021-12-21 10:23:09.695root 11241100x8000000000000000337366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46faabb913adc4f72021-12-21 10:23:09.695root 11241100x8000000000000000337367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788d7ab60ed1913a2021-12-21 10:23:09.695root 11241100x8000000000000000337368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a7fb57bdaf7a822021-12-21 10:23:09.695root 11241100x8000000000000000337369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5ddfcbcd91bcda2021-12-21 10:23:09.695root 11241100x8000000000000000337370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfc5afb17dea0cf2021-12-21 10:23:09.695root 11241100x8000000000000000337371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3264818ecbd6eb02021-12-21 10:23:09.695root 11241100x8000000000000000337372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec1fd4ab56dd73f2021-12-21 10:23:09.695root 11241100x8000000000000000337373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a18cdff5fc1d6992021-12-21 10:23:09.695root 11241100x8000000000000000337374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e968082f540616c62021-12-21 10:23:09.695root 11241100x8000000000000000337375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe46416bbc0347dd2021-12-21 10:23:09.695root 11241100x8000000000000000337376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e4ed8b5880cf612021-12-21 10:23:09.696root 11241100x8000000000000000337377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7bbfdf8c200bac2021-12-21 10:23:09.696root 11241100x8000000000000000337378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8975315586ac55be2021-12-21 10:23:09.696root 11241100x8000000000000000337379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ef711b422e97442021-12-21 10:23:09.696root 11241100x8000000000000000337380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae2126841d370242021-12-21 10:23:09.696root 11241100x8000000000000000337381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904ea29e5a8311642021-12-21 10:23:09.696root 11241100x8000000000000000337382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4ec060deb809fc2021-12-21 10:23:09.696root 11241100x8000000000000000337383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7479b7cac1fd30ff2021-12-21 10:23:09.696root 11241100x8000000000000000337384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a840628b518e74c2021-12-21 10:23:09.696root 11241100x8000000000000000337385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cd96950db9941d2021-12-21 10:23:09.696root 11241100x8000000000000000337386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233a916af6edacfb2021-12-21 10:23:09.696root 11241100x8000000000000000337387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993ef9075cfc88402021-12-21 10:23:09.697root 11241100x8000000000000000337388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3228d33a4bd9cc2021-12-21 10:23:09.697root 11241100x8000000000000000337389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b4ba3a6fe4c8802021-12-21 10:23:09.697root 11241100x8000000000000000337390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e61fbb11d55fadb2021-12-21 10:23:09.697root 11241100x8000000000000000337391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb99bffa4b6f1fc72021-12-21 10:23:09.697root 11241100x8000000000000000337392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748cf3dd56fca01f2021-12-21 10:23:10.193root 11241100x8000000000000000337393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fa6fadab4878f82021-12-21 10:23:10.194root 11241100x8000000000000000337394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ea504ab050b80d2021-12-21 10:23:10.194root 11241100x8000000000000000337395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d9a96707e242132021-12-21 10:23:10.195root 11241100x8000000000000000337396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71ef3e8d00e941e2021-12-21 10:23:10.195root 11241100x8000000000000000337397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32f9246660367862021-12-21 10:23:10.195root 11241100x8000000000000000337398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e2ab1f689f7f162021-12-21 10:23:10.195root 11241100x8000000000000000337399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6eb5337333ba6442021-12-21 10:23:10.196root 11241100x8000000000000000337400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d8d465a513c4042021-12-21 10:23:10.196root 11241100x8000000000000000337401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafc627bee1292ea2021-12-21 10:23:10.196root 11241100x8000000000000000337402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c3e6cfd4a907e72021-12-21 10:23:10.197root 11241100x8000000000000000337403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e7145c9da4daff2021-12-21 10:23:10.197root 11241100x8000000000000000337404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d012d19ddb809f22021-12-21 10:23:10.197root 11241100x8000000000000000337405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6075901dc3306f2021-12-21 10:23:10.198root 11241100x8000000000000000337406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80df2ae975b74e4d2021-12-21 10:23:10.198root 11241100x8000000000000000337407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60248bb437e56942021-12-21 10:23:10.198root 11241100x8000000000000000337408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a03acce31f338a02021-12-21 10:23:10.198root 11241100x8000000000000000337409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d98cafe6aefba92021-12-21 10:23:10.199root 11241100x8000000000000000337410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89869ed17a672a7f2021-12-21 10:23:10.199root 11241100x8000000000000000337411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2304d4c33adadc22021-12-21 10:23:10.199root 11241100x8000000000000000337412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0010c3416f1a583d2021-12-21 10:23:10.199root 11241100x8000000000000000337413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2afba4c35998ac2021-12-21 10:23:10.199root 11241100x8000000000000000337414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40760bbeb44606732021-12-21 10:23:10.200root 11241100x8000000000000000337415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7d9366e170dac52021-12-21 10:23:10.200root 11241100x8000000000000000337416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bd82fbe76a5eb62021-12-21 10:23:10.200root 11241100x8000000000000000337417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa276e53454960f82021-12-21 10:23:10.200root 11241100x8000000000000000337418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5955168a677fcfe22021-12-21 10:23:10.693root 11241100x8000000000000000337419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b716e2c76a6172552021-12-21 10:23:10.693root 11241100x8000000000000000337420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2684ae8e98c5ea2021-12-21 10:23:10.693root 11241100x8000000000000000337421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f10a58462d812832021-12-21 10:23:10.693root 11241100x8000000000000000337422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e2b10e4e867c982021-12-21 10:23:10.693root 11241100x8000000000000000337423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273b50933501e8952021-12-21 10:23:10.693root 11241100x8000000000000000337424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d8122b709d93742021-12-21 10:23:10.693root 11241100x8000000000000000337425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce0d5117a6d0ad42021-12-21 10:23:10.693root 11241100x8000000000000000337426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddd67200dfa6f272021-12-21 10:23:10.694root 11241100x8000000000000000337427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227b6709d1722ef22021-12-21 10:23:10.694root 11241100x8000000000000000337428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f924ef0aaa6cb2112021-12-21 10:23:10.694root 11241100x8000000000000000337429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e563a28d39d11942021-12-21 10:23:10.694root 11241100x8000000000000000337430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fa1c393f5e14782021-12-21 10:23:10.694root 11241100x8000000000000000337431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c5981ffebdc2ea2021-12-21 10:23:10.694root 11241100x8000000000000000337432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35861ddb7a2f67ad2021-12-21 10:23:10.694root 11241100x8000000000000000337433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd3fc77d84803e22021-12-21 10:23:10.694root 11241100x8000000000000000337434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bdf8923c89c6992021-12-21 10:23:10.695root 11241100x8000000000000000337435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb4686912fb6ae32021-12-21 10:23:10.695root 11241100x8000000000000000337436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98f9f14d60435c82021-12-21 10:23:10.695root 11241100x8000000000000000337437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b847e2c7a69de5622021-12-21 10:23:10.695root 11241100x8000000000000000337438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caabaff1af6b25612021-12-21 10:23:10.695root 11241100x8000000000000000337439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d333166a8032297b2021-12-21 10:23:10.695root 11241100x8000000000000000337440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f9b8739dcea4b02021-12-21 10:23:10.695root 11241100x8000000000000000337441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b7716d1098486b2021-12-21 10:23:10.695root 11241100x8000000000000000337442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cc9f27eae6cd402021-12-21 10:23:10.695root 11241100x8000000000000000337443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050116cdbb3e7abc2021-12-21 10:23:10.696root 11241100x8000000000000000337444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c357fe6f786714f2021-12-21 10:23:10.696root 11241100x8000000000000000337445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4acb6ee3dbc98f2021-12-21 10:23:11.193root 11241100x8000000000000000337446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb9f14ab2d49ab52021-12-21 10:23:11.193root 11241100x8000000000000000337447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c33a9643ad3a14a2021-12-21 10:23:11.193root 11241100x8000000000000000337448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3678bf129846fa82021-12-21 10:23:11.193root 11241100x8000000000000000337449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5274764f0315a02021-12-21 10:23:11.193root 11241100x8000000000000000337450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1bc1eb52a2967e2021-12-21 10:23:11.194root 11241100x8000000000000000337451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6564b94c0c4370cc2021-12-21 10:23:11.194root 11241100x8000000000000000337452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68345d1a6afcfe192021-12-21 10:23:11.194root 11241100x8000000000000000337453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf09fb4279ca3dc2021-12-21 10:23:11.194root 11241100x8000000000000000337454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689fa93bf538a7362021-12-21 10:23:11.194root 11241100x8000000000000000337455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2019ef7bb1363d2021-12-21 10:23:11.194root 11241100x8000000000000000337456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0644ae8e120a843d2021-12-21 10:23:11.194root 11241100x8000000000000000337457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5e34e187d01e612021-12-21 10:23:11.195root 11241100x8000000000000000337458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319d6638c5e8df222021-12-21 10:23:11.195root 11241100x8000000000000000337459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd9834259f4d8642021-12-21 10:23:11.195root 11241100x8000000000000000337460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0df7d6885ccb492021-12-21 10:23:11.195root 11241100x8000000000000000337461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe21f7d6b4517be62021-12-21 10:23:11.195root 11241100x8000000000000000337462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4da023459309f22021-12-21 10:23:11.195root 11241100x8000000000000000337463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36d7b0be985bf972021-12-21 10:23:11.195root 11241100x8000000000000000337464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186369dc3eeb77d02021-12-21 10:23:11.196root 11241100x8000000000000000337465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064d5d256a2635762021-12-21 10:23:11.196root 11241100x8000000000000000337466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8900364480f137d72021-12-21 10:23:11.196root 11241100x8000000000000000337467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fabb2bb442820a2021-12-21 10:23:11.196root 11241100x8000000000000000337468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b297eb26c54e9d22021-12-21 10:23:11.196root 11241100x8000000000000000337469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3b6660c2658ac82021-12-21 10:23:11.196root 11241100x8000000000000000337470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e1d8923bfe98dc2021-12-21 10:23:11.196root 11241100x8000000000000000337471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b42357345309bad2021-12-21 10:23:11.196root 11241100x8000000000000000337472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c18f48c82ce2802021-12-21 10:23:11.693root 11241100x8000000000000000337473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f95623f9f4312322021-12-21 10:23:11.693root 11241100x8000000000000000337474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ddc5944d2c43c12021-12-21 10:23:11.694root 11241100x8000000000000000337475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac67e01e92c54ae72021-12-21 10:23:11.694root 11241100x8000000000000000337476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759acdf60c7d7c2c2021-12-21 10:23:11.694root 11241100x8000000000000000337477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacf23a8b2669f562021-12-21 10:23:11.694root 11241100x8000000000000000337478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf22b4ae78bc78b2021-12-21 10:23:11.694root 11241100x8000000000000000337479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3497c2090e7a862021-12-21 10:23:11.694root 11241100x8000000000000000337480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64e2b436752e4f52021-12-21 10:23:11.694root 11241100x8000000000000000337481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da69b5f84f720182021-12-21 10:23:11.695root 11241100x8000000000000000337482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfe8412b3e108e12021-12-21 10:23:11.695root 11241100x8000000000000000337483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36a61373861f8a02021-12-21 10:23:11.695root 11241100x8000000000000000337484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c9f79432b9dd122021-12-21 10:23:11.695root 11241100x8000000000000000337485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf29409382b395d12021-12-21 10:23:11.695root 11241100x8000000000000000337486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37131836326bc97a2021-12-21 10:23:11.695root 11241100x8000000000000000337487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5af4fe6a4756a62021-12-21 10:23:11.695root 11241100x8000000000000000337488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007f9d1edfdd4e532021-12-21 10:23:11.695root 11241100x8000000000000000337489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7daca9a9f1f1a2212021-12-21 10:23:11.696root 11241100x8000000000000000337490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d9c7fa45e7479e2021-12-21 10:23:11.696root 11241100x8000000000000000337491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030c9b15381442852021-12-21 10:23:11.696root 11241100x8000000000000000337492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1532e6b1534249d42021-12-21 10:23:11.696root 11241100x8000000000000000337493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2729946f73c20a2021-12-21 10:23:11.696root 11241100x8000000000000000337494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e172b5437616792021-12-21 10:23:11.696root 11241100x8000000000000000337495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5524602ed741b82021-12-21 10:23:11.697root 11241100x8000000000000000337496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61eaf088cc2c7cd12021-12-21 10:23:11.697root 11241100x8000000000000000337497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75aecfd6d686a89a2021-12-21 10:23:11.697root 154100x8000000000000000337498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.019{ec2b6afe-ab10-61c1-68e4-31a9ee550000}5692/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000337499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e196d4a906c46a4f2021-12-21 10:23:12.022root 11241100x8000000000000000337500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27dd5dc412b2d762021-12-21 10:23:12.022root 11241100x8000000000000000337501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b87a524b23473332021-12-21 10:23:12.022root 11241100x8000000000000000337502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfb1cb5f5405d052021-12-21 10:23:12.022root 11241100x8000000000000000337503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97dd0d8b898667812021-12-21 10:23:12.022root 11241100x8000000000000000337504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d0a189e10d14ba2021-12-21 10:23:12.022root 11241100x8000000000000000337505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5d0a03bc902d252021-12-21 10:23:12.023root 11241100x8000000000000000337506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fe66b7519e69082021-12-21 10:23:12.023root 11241100x8000000000000000337507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d651eed9a5431262021-12-21 10:23:12.023root 11241100x8000000000000000337508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef6211180909af82021-12-21 10:23:12.023root 11241100x8000000000000000337509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8de2edfe1b1c76b2021-12-21 10:23:12.023root 11241100x8000000000000000337510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a40fa11374bf2242021-12-21 10:23:12.023root 11241100x8000000000000000337511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d25b4940dbe0a02021-12-21 10:23:12.024root 11241100x8000000000000000337512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2441a5853247a622021-12-21 10:23:12.024root 11241100x8000000000000000337513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2007356cfabac33f2021-12-21 10:23:12.024root 11241100x8000000000000000337514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f85749fb42b40c62021-12-21 10:23:12.024root 11241100x8000000000000000337515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45caf9facd789882021-12-21 10:23:12.024root 11241100x8000000000000000337516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24f5944348c31f92021-12-21 10:23:12.024root 11241100x8000000000000000337517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d602bb78f6de1b2021-12-21 10:23:12.025root 11241100x8000000000000000337518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3235cb73e724f66b2021-12-21 10:23:12.025root 11241100x8000000000000000337519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7594e4b09977a68e2021-12-21 10:23:12.025root 11241100x8000000000000000337520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c14d65b27bdf1d2021-12-21 10:23:12.025root 11241100x8000000000000000337521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c11cc97a702a522021-12-21 10:23:12.025root 11241100x8000000000000000337522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875b8b758693d3fb2021-12-21 10:23:12.025root 11241100x8000000000000000337523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fac8860fe218b02021-12-21 10:23:12.026root 11241100x8000000000000000337524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6a4144dcfbb5392021-12-21 10:23:12.026root 11241100x8000000000000000337525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ea7316f66c4d822021-12-21 10:23:12.026root 11241100x8000000000000000337526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdca0077c84dd792021-12-21 10:23:12.026root 11241100x8000000000000000337527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1419bb548892dcf62021-12-21 10:23:12.026root 11241100x8000000000000000337528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce73ff7ba61dd5672021-12-21 10:23:12.026root 11241100x8000000000000000337529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20090a261db19e52021-12-21 10:23:12.027root 11241100x8000000000000000337530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d3474a3e4efa252021-12-21 10:23:12.027root 11241100x8000000000000000337531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032c600a7131dfaa2021-12-21 10:23:12.028root 11241100x8000000000000000337532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e5d2aa177d3f6e2021-12-21 10:23:12.028root 11241100x8000000000000000337533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179619c7a143f5862021-12-21 10:23:12.028root 11241100x8000000000000000337534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0210667bcad167c2021-12-21 10:23:12.028root 11241100x8000000000000000337535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256601568b93e3822021-12-21 10:23:12.028root 11241100x8000000000000000337536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa59e5de6cb399f2021-12-21 10:23:12.028root 11241100x8000000000000000337537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8ccef67de8399c2021-12-21 10:23:12.029root 11241100x8000000000000000337538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04f3b34044730d42021-12-21 10:23:12.029root 11241100x8000000000000000337539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f103ddc450a9f78a2021-12-21 10:23:12.029root 11241100x8000000000000000337540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba0c7a4757d72522021-12-21 10:23:12.029root 11241100x8000000000000000337541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fc431cfd4eff952021-12-21 10:23:12.029root 11241100x8000000000000000337542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232376c243d8202f2021-12-21 10:23:12.030root 534500x8000000000000000337543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.034{ec2b6afe-ab10-61c1-68e4-31a9ee550000}5692/bin/psroot 354300x8000000000000000337544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.037{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47022-false10.0.1.12-8000- 11241100x8000000000000000337545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bde0d092d2eebd2021-12-21 10:23:12.442root 11241100x8000000000000000337546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b028ce8e6aa37d382021-12-21 10:23:12.443root 11241100x8000000000000000337547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfec786a027b39fb2021-12-21 10:23:12.443root 11241100x8000000000000000337548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442619478be3da8a2021-12-21 10:23:12.443root 11241100x8000000000000000337549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d07e7f271754162021-12-21 10:23:12.443root 11241100x8000000000000000337550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a63d85571be1f292021-12-21 10:23:12.443root 11241100x8000000000000000337551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b717a30555f8fd5a2021-12-21 10:23:12.443root 11241100x8000000000000000337552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bf7d039b515fe22021-12-21 10:23:12.443root 11241100x8000000000000000337553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8943018546c5979b2021-12-21 10:23:12.444root 11241100x8000000000000000337554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d25edd6260f462d2021-12-21 10:23:12.444root 11241100x8000000000000000337555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dfe62beb2ca2b42021-12-21 10:23:12.444root 11241100x8000000000000000337556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656247fbf29cfba22021-12-21 10:23:12.444root 11241100x8000000000000000337557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379ab5cf501d4b2d2021-12-21 10:23:12.444root 11241100x8000000000000000337558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d17d64efaf66342021-12-21 10:23:12.444root 11241100x8000000000000000337559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0defefd444514ad82021-12-21 10:23:12.444root 11241100x8000000000000000337560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7705cf1459d485f2021-12-21 10:23:12.445root 11241100x8000000000000000337561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e18131258b679392021-12-21 10:23:12.445root 11241100x8000000000000000337562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094d0340ade1e24c2021-12-21 10:23:12.445root 11241100x8000000000000000337563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01814dbab5696b142021-12-21 10:23:12.445root 11241100x8000000000000000337564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b782b4feff98dfb62021-12-21 10:23:12.445root 11241100x8000000000000000337565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec23131be0fd3ad2021-12-21 10:23:12.445root 11241100x8000000000000000337566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc588e97ed9ff7442021-12-21 10:23:12.445root 11241100x8000000000000000337567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34877bcf78d939b2021-12-21 10:23:12.446root 11241100x8000000000000000337568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8101ccd4d498ee322021-12-21 10:23:12.446root 11241100x8000000000000000337569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76cbbd6a972ab552021-12-21 10:23:12.446root 11241100x8000000000000000337570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5ba100a5c8d9bf2021-12-21 10:23:12.446root 11241100x8000000000000000337571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dba860ef1e3f6462021-12-21 10:23:12.447root 11241100x8000000000000000337572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9989753cb55e9a2021-12-21 10:23:12.447root 11241100x8000000000000000337573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159084d96029ee4f2021-12-21 10:23:12.447root 11241100x8000000000000000337574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cecf4819d37a482021-12-21 10:23:12.447root 11241100x8000000000000000337575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c733994cc4c6068c2021-12-21 10:23:12.447root 11241100x8000000000000000337576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ecc333baedb9a22021-12-21 10:23:12.447root 11241100x8000000000000000337577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b970e02fa098d42021-12-21 10:23:12.447root 11241100x8000000000000000337578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699782e0feec32d02021-12-21 10:23:12.943root 11241100x8000000000000000337579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef13c3d7a2f8f7f92021-12-21 10:23:12.943root 11241100x8000000000000000337580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc33f010f3a1bdf22021-12-21 10:23:12.943root 11241100x8000000000000000337581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f08a6a011cf5e4f2021-12-21 10:23:12.943root 11241100x8000000000000000337582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfbd1f8f17508cb2021-12-21 10:23:12.944root 11241100x8000000000000000337583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e78db329ed9a642021-12-21 10:23:12.944root 11241100x8000000000000000337584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f9c7a156ba71852021-12-21 10:23:12.944root 11241100x8000000000000000337585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f66de87c7f0c2a2021-12-21 10:23:12.944root 11241100x8000000000000000337586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcdc5cd7dcd73762021-12-21 10:23:12.945root 11241100x8000000000000000337587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad08d0575dae1622021-12-21 10:23:12.945root 11241100x8000000000000000337588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbef03b18dfc9f52021-12-21 10:23:12.945root 11241100x8000000000000000337589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ca5738c06060422021-12-21 10:23:12.945root 11241100x8000000000000000337590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31db47eabd78b1902021-12-21 10:23:12.945root 11241100x8000000000000000337591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b300662831aca59e2021-12-21 10:23:12.945root 11241100x8000000000000000337592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a690d51da370cfc2021-12-21 10:23:12.945root 11241100x8000000000000000337593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac6b0d49a6b3e462021-12-21 10:23:12.946root 11241100x8000000000000000337594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7976106e73a689c52021-12-21 10:23:12.946root 11241100x8000000000000000337595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7d24f2c8e979552021-12-21 10:23:12.946root 11241100x8000000000000000337596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907d91cb9ac3c1cb2021-12-21 10:23:12.946root 11241100x8000000000000000337597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3bb6ddfbd95e562021-12-21 10:23:12.946root 11241100x8000000000000000337598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f706ba579e64cd8d2021-12-21 10:23:12.946root 11241100x8000000000000000337599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4114614c9c071302021-12-21 10:23:12.946root 11241100x8000000000000000337600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6f87088c3e91362021-12-21 10:23:12.946root 11241100x8000000000000000337601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2919ef227b1324862021-12-21 10:23:12.947root 11241100x8000000000000000337602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efff3332d3e2b042021-12-21 10:23:12.947root 11241100x8000000000000000337603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86db4dd4f2878be72021-12-21 10:23:12.947root 11241100x8000000000000000337604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a755b9a55aede82021-12-21 10:23:12.947root 11241100x8000000000000000337605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b30d99586071d832021-12-21 10:23:12.947root 11241100x8000000000000000337606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc05e4d106d24e362021-12-21 10:23:12.947root 11241100x8000000000000000337607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b44199ba8a49ff2021-12-21 10:23:13.443root 11241100x8000000000000000337608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac205cd931644a992021-12-21 10:23:13.443root 11241100x8000000000000000337609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac8d9baf67710f12021-12-21 10:23:13.444root 11241100x8000000000000000337610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa07f9e9d7951b1f2021-12-21 10:23:13.444root 11241100x8000000000000000337611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0aa8aad4bf6baf2021-12-21 10:23:13.444root 11241100x8000000000000000337612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752cd07d451330782021-12-21 10:23:13.445root 11241100x8000000000000000337613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e423539b27caf02021-12-21 10:23:13.445root 11241100x8000000000000000337614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6636cc5fccb38b2021-12-21 10:23:13.445root 11241100x8000000000000000337615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4945dfa398f543242021-12-21 10:23:13.445root 11241100x8000000000000000337616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30e3a0767a200862021-12-21 10:23:13.445root 11241100x8000000000000000337617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86961cebca12286c2021-12-21 10:23:13.445root 11241100x8000000000000000337618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89816c0bfbf24c032021-12-21 10:23:13.446root 11241100x8000000000000000337619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a415e2ea462972112021-12-21 10:23:13.446root 11241100x8000000000000000337620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99da6c4f56fa42492021-12-21 10:23:13.446root 11241100x8000000000000000337621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52800076ab7ac6372021-12-21 10:23:13.446root 11241100x8000000000000000337622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c03f21c89629e1c2021-12-21 10:23:13.446root 11241100x8000000000000000337623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ae2c20c10889442021-12-21 10:23:13.446root 11241100x8000000000000000337624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34c5af6c2b38f432021-12-21 10:23:13.446root 11241100x8000000000000000337625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289585e10aac3d892021-12-21 10:23:13.447root 11241100x8000000000000000337626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9628610fd7587bbd2021-12-21 10:23:13.447root 11241100x8000000000000000337627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8989a4b30dc1ac2021-12-21 10:23:13.447root 11241100x8000000000000000337628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f161e2b1fe6cc51c2021-12-21 10:23:13.447root 11241100x8000000000000000337629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcebd94df9e7a85c2021-12-21 10:23:13.447root 11241100x8000000000000000337630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f9a2ea5b534e552021-12-21 10:23:13.448root 11241100x8000000000000000337631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32541d05f205ebeb2021-12-21 10:23:13.448root 11241100x8000000000000000337632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bda4391798887402021-12-21 10:23:13.448root 11241100x8000000000000000337633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219018bbf65b1acf2021-12-21 10:23:13.448root 11241100x8000000000000000337634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae6e4a4bcb9ce3f2021-12-21 10:23:13.448root 11241100x8000000000000000337635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d51a464b1692ab2021-12-21 10:23:13.448root 11241100x8000000000000000337636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a910c3db97364882021-12-21 10:23:13.448root 11241100x8000000000000000337637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcaf637b6069f6b2021-12-21 10:23:13.448root 11241100x8000000000000000337638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89309082619ef8e72021-12-21 10:23:13.943root 11241100x8000000000000000337639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fca18054b047d142021-12-21 10:23:13.943root 11241100x8000000000000000337640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e0fa3adedffe002021-12-21 10:23:13.943root 11241100x8000000000000000337641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f62e3fa5d91185b2021-12-21 10:23:13.943root 11241100x8000000000000000337642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b513a6f623b6dc2021-12-21 10:23:13.943root 11241100x8000000000000000337643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ff26b5532603352021-12-21 10:23:13.943root 11241100x8000000000000000337644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce37b38f01680f472021-12-21 10:23:13.943root 11241100x8000000000000000337645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf327a2f7550561d2021-12-21 10:23:13.943root 11241100x8000000000000000337646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dab1742e9614a5e2021-12-21 10:23:13.943root 11241100x8000000000000000337647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09811e744a14e7d42021-12-21 10:23:13.944root 11241100x8000000000000000337648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a559551998bd21532021-12-21 10:23:13.944root 11241100x8000000000000000337649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4eeb184af0835a2021-12-21 10:23:13.944root 11241100x8000000000000000337650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f4ce0691c16afa2021-12-21 10:23:13.944root 11241100x8000000000000000337651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4432134f82ecd032021-12-21 10:23:13.944root 11241100x8000000000000000337652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee4e5e48da4e0022021-12-21 10:23:13.944root 11241100x8000000000000000337653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d3f1bdd763423f2021-12-21 10:23:13.944root 11241100x8000000000000000337654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4510172562ae9e62021-12-21 10:23:13.945root 11241100x8000000000000000337655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caffedc5d6b7cf2d2021-12-21 10:23:13.945root 11241100x8000000000000000337656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae9e081d97879bc2021-12-21 10:23:13.945root 11241100x8000000000000000337657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ff8a8d1f346c572021-12-21 10:23:13.945root 11241100x8000000000000000337658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b86f096e58a5af72021-12-21 10:23:13.945root 11241100x8000000000000000337659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f4fbef80c29ca12021-12-21 10:23:13.945root 11241100x8000000000000000337660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08b8c697434d0132021-12-21 10:23:13.945root 11241100x8000000000000000337661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cc03ba0286bbe12021-12-21 10:23:13.945root 11241100x8000000000000000337662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa873166f118f9e82021-12-21 10:23:13.945root 11241100x8000000000000000337663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f243a56ee9c02cf2021-12-21 10:23:13.946root 11241100x8000000000000000337664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5680676d3b50ee2021-12-21 10:23:13.946root 11241100x8000000000000000337665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681f145b97dabacd2021-12-21 10:23:13.946root 11241100x8000000000000000337666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3e27a811aebc692021-12-21 10:23:13.946root 11241100x8000000000000000337667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649b2e01770b896e2021-12-21 10:23:13.946root 11241100x8000000000000000337668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9261dd3413ac3cc2021-12-21 10:23:13.946root 11241100x8000000000000000337669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb79510b29dd0582021-12-21 10:23:13.947root 11241100x8000000000000000337670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affe3d6a9edd29582021-12-21 10:23:13.947root 11241100x8000000000000000337671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2a648356bdd1152021-12-21 10:23:13.947root 11241100x8000000000000000337672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440f2d5f5e724dbb2021-12-21 10:23:13.947root 11241100x8000000000000000337673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691c1b121b1d0be52021-12-21 10:23:13.947root 11241100x8000000000000000337674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9847ba836805a8f2021-12-21 10:23:13.947root 11241100x8000000000000000337675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeba6b10ea86be712021-12-21 10:23:14.443root 11241100x8000000000000000337676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1250772d46ef57172021-12-21 10:23:14.443root 11241100x8000000000000000337677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d71a2262bd46e62021-12-21 10:23:14.444root 11241100x8000000000000000337678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4453a734f92c1c2021-12-21 10:23:14.444root 11241100x8000000000000000337679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122201939f3990b72021-12-21 10:23:14.444root 11241100x8000000000000000337680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5826045e0abc56182021-12-21 10:23:14.444root 11241100x8000000000000000337681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d3a9680613dfe52021-12-21 10:23:14.444root 11241100x8000000000000000337682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f75e8584a3b70f12021-12-21 10:23:14.444root 11241100x8000000000000000337683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5780d2339ff4f4e2021-12-21 10:23:14.444root 11241100x8000000000000000337684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe4ab4725cb89422021-12-21 10:23:14.445root 11241100x8000000000000000337685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69067fb0fa207a8b2021-12-21 10:23:14.445root 11241100x8000000000000000337686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84675e6f7b589ef2021-12-21 10:23:14.445root 11241100x8000000000000000337687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10e22b1e97611d62021-12-21 10:23:14.445root 11241100x8000000000000000337688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c1e3eb84f1c7242021-12-21 10:23:14.445root 11241100x8000000000000000337689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6127b3c17c89442021-12-21 10:23:14.445root 11241100x8000000000000000337690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c9f10f638d63b22021-12-21 10:23:14.445root 11241100x8000000000000000337691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc69f790652e32ed2021-12-21 10:23:14.445root 11241100x8000000000000000337692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a4ef8419ea9f972021-12-21 10:23:14.446root 11241100x8000000000000000337693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244f4b9558e594182021-12-21 10:23:14.446root 11241100x8000000000000000337694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ace16f689b1c772021-12-21 10:23:14.446root 11241100x8000000000000000337695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7579f635b525a7bc2021-12-21 10:23:14.446root 11241100x8000000000000000337696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd3b2dd311a504c2021-12-21 10:23:14.446root 11241100x8000000000000000337697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559500280e3d57d62021-12-21 10:23:14.446root 11241100x8000000000000000337698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589e610d2a6eb2be2021-12-21 10:23:14.446root 11241100x8000000000000000337699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9d6157ac793e9c2021-12-21 10:23:14.446root 11241100x8000000000000000337700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09eaec4464f3dc112021-12-21 10:23:14.447root 11241100x8000000000000000337701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415a5596d5daffb82021-12-21 10:23:14.447root 11241100x8000000000000000337702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084319c6f9a689b52021-12-21 10:23:14.447root 11241100x8000000000000000337703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e04325b1d0014452021-12-21 10:23:14.447root 11241100x8000000000000000337704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba03352674c7a9882021-12-21 10:23:14.447root 11241100x8000000000000000337705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cd809ce6443c402021-12-21 10:23:14.943root 11241100x8000000000000000337706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4454ca3cd81e9a942021-12-21 10:23:14.943root 11241100x8000000000000000337707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199db755c9b1edd02021-12-21 10:23:14.943root 11241100x8000000000000000337708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104b96fa4ba6b1262021-12-21 10:23:14.944root 11241100x8000000000000000337709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7536e10ca983cb82021-12-21 10:23:14.944root 11241100x8000000000000000337710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c169ed8a634937d2021-12-21 10:23:14.944root 11241100x8000000000000000337711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796d744f2d6cdac52021-12-21 10:23:14.944root 11241100x8000000000000000337712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b6795a666744c32021-12-21 10:23:14.944root 11241100x8000000000000000337713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7462acdd3e3f082021-12-21 10:23:14.944root 11241100x8000000000000000337714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c26ab0d2ca377122021-12-21 10:23:14.944root 11241100x8000000000000000337715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9bba64fbee57552021-12-21 10:23:14.944root 11241100x8000000000000000337716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e014edc57c40b82021-12-21 10:23:14.944root 11241100x8000000000000000337717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e8c7490516c9c32021-12-21 10:23:14.945root 11241100x8000000000000000337718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6c4eed1c9985562021-12-21 10:23:14.945root 11241100x8000000000000000337719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112e187cc4cc95f92021-12-21 10:23:14.945root 11241100x8000000000000000337720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63d75539c78f5582021-12-21 10:23:14.945root 11241100x8000000000000000337721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac6927b27634faf2021-12-21 10:23:14.945root 11241100x8000000000000000337722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c0611000e755562021-12-21 10:23:14.945root 11241100x8000000000000000337723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27fe544074dabaf2021-12-21 10:23:14.945root 11241100x8000000000000000337724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31776ec7326e70ee2021-12-21 10:23:14.945root 11241100x8000000000000000337725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aca6e489bf819f92021-12-21 10:23:14.945root 11241100x8000000000000000337726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bdb454e10c1b002021-12-21 10:23:14.945root 11241100x8000000000000000337727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5458a86e00e271b02021-12-21 10:23:14.945root 11241100x8000000000000000337728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d1d2f4f260dc022021-12-21 10:23:14.946root 11241100x8000000000000000337729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638c49cf6dcff5c12021-12-21 10:23:14.946root 11241100x8000000000000000337730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557e38b660b443212021-12-21 10:23:14.946root 11241100x8000000000000000337731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dd3970d9fc0eac2021-12-21 10:23:14.946root 11241100x8000000000000000337732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2ca8197f2ea0e42021-12-21 10:23:14.946root 11241100x8000000000000000337733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97efb6d7504c11b52021-12-21 10:23:14.946root 11241100x8000000000000000337734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08e0cb55a6060662021-12-21 10:23:15.443root 11241100x8000000000000000337735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e84a491ec5412f22021-12-21 10:23:15.443root 11241100x8000000000000000337736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8f1aa594efbd682021-12-21 10:23:15.443root 11241100x8000000000000000337737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d37aab1d5c18912021-12-21 10:23:15.444root 11241100x8000000000000000337738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cb6186b8b26e152021-12-21 10:23:15.444root 11241100x8000000000000000337739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d59248fb8f8a7152021-12-21 10:23:15.444root 11241100x8000000000000000337740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980058c51778084c2021-12-21 10:23:15.444root 11241100x8000000000000000337741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a773eeab7068a0502021-12-21 10:23:15.444root 11241100x8000000000000000337742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1223ef652278b2582021-12-21 10:23:15.444root 11241100x8000000000000000337743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7109f8a793939a2021-12-21 10:23:15.445root 11241100x8000000000000000337744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6c318afb577d042021-12-21 10:23:15.445root 11241100x8000000000000000337745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf8735404f270682021-12-21 10:23:15.445root 11241100x8000000000000000337746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e284d353a67753ca2021-12-21 10:23:15.445root 11241100x8000000000000000337747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da8facfe964c2052021-12-21 10:23:15.445root 11241100x8000000000000000337748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8059a50be19223372021-12-21 10:23:15.445root 11241100x8000000000000000337749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1913e7a76e622c992021-12-21 10:23:15.445root 11241100x8000000000000000337750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d17ab6874698072021-12-21 10:23:15.446root 11241100x8000000000000000337751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a99dbfa72370112021-12-21 10:23:15.446root 11241100x8000000000000000337752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69fbda228729e522021-12-21 10:23:15.446root 11241100x8000000000000000337753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c786320332e03d2021-12-21 10:23:15.446root 11241100x8000000000000000337754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe35ad407a20b50e2021-12-21 10:23:15.446root 11241100x8000000000000000337755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26679c8411268202021-12-21 10:23:15.446root 11241100x8000000000000000337756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22178e4a5e24b5d2021-12-21 10:23:15.447root 11241100x8000000000000000337757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e90497e92364a42021-12-21 10:23:15.447root 11241100x8000000000000000337758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28afa85c7ac2754e2021-12-21 10:23:15.447root 11241100x8000000000000000337759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5f809c60442db32021-12-21 10:23:15.447root 11241100x8000000000000000337760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10ef2356716466c2021-12-21 10:23:15.447root 11241100x8000000000000000337761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc623260149153e92021-12-21 10:23:15.447root 11241100x8000000000000000337762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc775975684900df2021-12-21 10:23:15.447root 11241100x8000000000000000337763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907ce6f27e2e37132021-12-21 10:23:15.943root 11241100x8000000000000000337764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8639c0182fd7e7b2021-12-21 10:23:15.943root 11241100x8000000000000000337765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed3c9defb4b7ba72021-12-21 10:23:15.943root 11241100x8000000000000000337766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42bc6efc1fd59f0a2021-12-21 10:23:15.944root 11241100x8000000000000000337767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc02aed3c5b65dc2021-12-21 10:23:15.944root 11241100x8000000000000000337768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c095b8786093642021-12-21 10:23:15.944root 11241100x8000000000000000337769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05ac23df5da57672021-12-21 10:23:15.944root 11241100x8000000000000000337770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d08bd4da4b416c2021-12-21 10:23:15.944root 11241100x8000000000000000337771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489a975576035c792021-12-21 10:23:15.944root 11241100x8000000000000000337772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527f1f353ed79e3b2021-12-21 10:23:15.945root 11241100x8000000000000000337773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afee3c3a9096c1522021-12-21 10:23:15.945root 11241100x8000000000000000337774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398494fa263fd36d2021-12-21 10:23:15.945root 11241100x8000000000000000337775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd3240c3f19f7132021-12-21 10:23:15.945root 11241100x8000000000000000337776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d579f789ddfad5c2021-12-21 10:23:15.945root 11241100x8000000000000000337777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f5bede2ad2640a2021-12-21 10:23:15.945root 11241100x8000000000000000337778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6e6a777d953b332021-12-21 10:23:15.946root 11241100x8000000000000000337779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1697d1187a6a682021-12-21 10:23:15.946root 11241100x8000000000000000337780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6bf20dbec7db422021-12-21 10:23:15.946root 11241100x8000000000000000337781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72d168a28a2d9442021-12-21 10:23:15.946root 11241100x8000000000000000337782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef02fee6f3d6d25a2021-12-21 10:23:15.946root 11241100x8000000000000000337783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5fc41bf091944e2021-12-21 10:23:15.946root 11241100x8000000000000000337784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145f4c4f134a3aac2021-12-21 10:23:15.946root 11241100x8000000000000000337785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b7a9db7e68a5142021-12-21 10:23:15.947root 11241100x8000000000000000337786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609fef499cdb36032021-12-21 10:23:15.947root 11241100x8000000000000000337787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5541beaec92ec22021-12-21 10:23:15.947root 11241100x8000000000000000337788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccac8f1e8892d8482021-12-21 10:23:15.947root 11241100x8000000000000000337789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21013a12154351832021-12-21 10:23:15.947root 11241100x8000000000000000337790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3125c03f763016a72021-12-21 10:23:15.947root 11241100x8000000000000000337791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7617340b2ef8c842021-12-21 10:23:15.947root 11241100x8000000000000000337792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802966b05b9268c42021-12-21 10:23:15.947root 11241100x8000000000000000337793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dcde978a30cdad2021-12-21 10:23:15.947root 11241100x8000000000000000337794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540a1797c0bf93002021-12-21 10:23:15.948root 11241100x8000000000000000337795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbee7abe6e486272021-12-21 10:23:15.948root 11241100x8000000000000000337796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf397f4dfc0add42021-12-21 10:23:15.948root 11241100x8000000000000000337797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fd6aa8540dc0132021-12-21 10:23:15.948root 11241100x8000000000000000337798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b31ac3b830e72c2021-12-21 10:23:15.948root 11241100x8000000000000000337799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b222fbf08ac35f2021-12-21 10:23:15.948root 11241100x8000000000000000337800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ed81e8366aab3f2021-12-21 10:23:16.443root 11241100x8000000000000000337801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d4ca47184c40482021-12-21 10:23:16.443root 11241100x8000000000000000337802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca6476bb9f2c4692021-12-21 10:23:16.443root 11241100x8000000000000000337803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bd6db4a6dd3aa82021-12-21 10:23:16.444root 11241100x8000000000000000337804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a588e9369a75f82021-12-21 10:23:16.444root 11241100x8000000000000000337805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04065c5b412fb0972021-12-21 10:23:16.444root 11241100x8000000000000000337806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbac657d68d6c97a2021-12-21 10:23:16.444root 11241100x8000000000000000337807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7661949baf1ac652021-12-21 10:23:16.444root 11241100x8000000000000000337808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8715947b60990612021-12-21 10:23:16.444root 11241100x8000000000000000337809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c5f16b9202cc352021-12-21 10:23:16.444root 11241100x8000000000000000337810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dbd0b56cb866c32021-12-21 10:23:16.444root 11241100x8000000000000000337811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cd1ece3d4cedb52021-12-21 10:23:16.445root 11241100x8000000000000000337812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cb93a159bd143e2021-12-21 10:23:16.445root 11241100x8000000000000000337813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e2bbdc7279ca912021-12-21 10:23:16.445root 11241100x8000000000000000337814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1722ea8bc25123972021-12-21 10:23:16.445root 11241100x8000000000000000337815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcc01851964e9f32021-12-21 10:23:16.445root 11241100x8000000000000000337816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b98fb235fdfa052021-12-21 10:23:16.445root 11241100x8000000000000000337817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caed85a74ebded02021-12-21 10:23:16.445root 11241100x8000000000000000337818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267b857c1c756b4a2021-12-21 10:23:16.445root 11241100x8000000000000000337819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8660013ef309b3a2021-12-21 10:23:16.446root 11241100x8000000000000000337820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaee4d46d09470ae2021-12-21 10:23:16.446root 11241100x8000000000000000337821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a735916182f371e2021-12-21 10:23:16.446root 11241100x8000000000000000337822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdf5892371192092021-12-21 10:23:16.446root 11241100x8000000000000000337823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcfa7f5041577582021-12-21 10:23:16.446root 11241100x8000000000000000337824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15e95a5b92d6f382021-12-21 10:23:16.446root 11241100x8000000000000000337825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a21da833427c6ac2021-12-21 10:23:16.446root 11241100x8000000000000000337826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c26b6404bcfc35a2021-12-21 10:23:16.447root 11241100x8000000000000000337827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e7bb72dc87f2db2021-12-21 10:23:16.447root 11241100x8000000000000000337828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387b45b0653a43fe2021-12-21 10:23:16.447root 11241100x8000000000000000337829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f12d7bf037242452021-12-21 10:23:16.447root 11241100x8000000000000000337830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbc46b2d86ca9f32021-12-21 10:23:16.943root 11241100x8000000000000000337831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcbab8bb5271ae42021-12-21 10:23:16.943root 11241100x8000000000000000337832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cf769d942c91d82021-12-21 10:23:16.943root 11241100x8000000000000000337833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48331f7339b3a27d2021-12-21 10:23:16.943root 11241100x8000000000000000337834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b78d8870d4981252021-12-21 10:23:16.943root 11241100x8000000000000000337835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1c7926f8273f492021-12-21 10:23:16.944root 11241100x8000000000000000337836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040fee5b9190df652021-12-21 10:23:16.944root 11241100x8000000000000000337837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26a56be2b31d6692021-12-21 10:23:16.944root 11241100x8000000000000000337838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f0d3ddd003d4112021-12-21 10:23:16.944root 11241100x8000000000000000337839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6624f4459eb30b2021-12-21 10:23:16.944root 11241100x8000000000000000337840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbfdc12c34d465d2021-12-21 10:23:16.944root 11241100x8000000000000000337841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094cde397f038a5c2021-12-21 10:23:16.944root 11241100x8000000000000000337842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d180b3fa779e9252021-12-21 10:23:16.944root 11241100x8000000000000000337843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251c8dd5e98eae7d2021-12-21 10:23:16.944root 11241100x8000000000000000337844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849ef00a09d3adce2021-12-21 10:23:16.944root 11241100x8000000000000000337845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a8cdc98c9ccb2a2021-12-21 10:23:16.944root 11241100x8000000000000000337846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93edca19de0d8ee2021-12-21 10:23:16.944root 11241100x8000000000000000337847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94a9df4c51fccd52021-12-21 10:23:16.944root 11241100x8000000000000000337848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0367fd4fc89402f22021-12-21 10:23:16.944root 11241100x8000000000000000337849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb658e2458f9c012021-12-21 10:23:16.944root 11241100x8000000000000000337850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a34c872118eac72021-12-21 10:23:16.944root 11241100x8000000000000000337851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2dc7af4e1042582021-12-21 10:23:16.945root 11241100x8000000000000000337852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa61d714b43b538c2021-12-21 10:23:16.945root 11241100x8000000000000000337853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91339530b2375f752021-12-21 10:23:16.945root 11241100x8000000000000000337854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90b760ca0abf9b12021-12-21 10:23:16.945root 11241100x8000000000000000337855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2dddde1525524e2021-12-21 10:23:16.945root 11241100x8000000000000000337856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa013adaab330f72021-12-21 10:23:16.945root 11241100x8000000000000000337857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c400d47b3b29072021-12-21 10:23:16.945root 11241100x8000000000000000337858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b8951a121fe4d02021-12-21 10:23:16.945root 11241100x8000000000000000337859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca079d070512f112021-12-21 10:23:16.945root 354300x8000000000000000337860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.180{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47024-false10.0.1.12-8000- 11241100x8000000000000000337861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533fc7c432cdc3ba2021-12-21 10:23:17.443root 11241100x8000000000000000337862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c385e29d6bc1db2021-12-21 10:23:17.443root 11241100x8000000000000000337863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c483eeea1a7ac62021-12-21 10:23:17.443root 11241100x8000000000000000337864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f8b5dd368743eb2021-12-21 10:23:17.443root 11241100x8000000000000000337865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c0a0802046016b2021-12-21 10:23:17.444root 11241100x8000000000000000337866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b22f56673c2c95a2021-12-21 10:23:17.444root 11241100x8000000000000000337867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1fde027fcef5a92021-12-21 10:23:17.444root 11241100x8000000000000000337868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aba4a2b2115bbc52021-12-21 10:23:17.444root 11241100x8000000000000000337869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ab37a1d6b851772021-12-21 10:23:17.444root 11241100x8000000000000000337870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d496c1afab550b2021-12-21 10:23:17.444root 11241100x8000000000000000337871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939e0fc618a378772021-12-21 10:23:17.445root 11241100x8000000000000000337872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27c783d4133f2ff2021-12-21 10:23:17.445root 11241100x8000000000000000337873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37433f26270ff8a52021-12-21 10:23:17.445root 11241100x8000000000000000337874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68eb333d526fe45e2021-12-21 10:23:17.445root 11241100x8000000000000000337875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79614e8c6e93c60c2021-12-21 10:23:17.445root 11241100x8000000000000000337876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bba8444dc71fd482021-12-21 10:23:17.445root 11241100x8000000000000000337877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9e04a9a34ea4e02021-12-21 10:23:17.445root 11241100x8000000000000000337878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcdbb1dc8550fee2021-12-21 10:23:17.445root 11241100x8000000000000000337879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6936957c5d5df5d32021-12-21 10:23:17.446root 11241100x8000000000000000337880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d30fde66241a032021-12-21 10:23:17.446root 11241100x8000000000000000337881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d13e632db8db012021-12-21 10:23:17.446root 11241100x8000000000000000337882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d30fdd44742d2c2021-12-21 10:23:17.446root 11241100x8000000000000000337883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653225a21f13a1422021-12-21 10:23:17.446root 11241100x8000000000000000337884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da10f1f879b874b62021-12-21 10:23:17.446root 11241100x8000000000000000337885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b471f56b6d99fe452021-12-21 10:23:17.447root 11241100x8000000000000000337886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faac5015660ba8dd2021-12-21 10:23:17.447root 11241100x8000000000000000337887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7a43f9cc41f5972021-12-21 10:23:17.447root 11241100x8000000000000000337888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcfc340451ff9d02021-12-21 10:23:17.447root 11241100x8000000000000000337889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d326b400b1c53b82021-12-21 10:23:17.447root 11241100x8000000000000000337890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2836cc194865312021-12-21 10:23:17.447root 11241100x8000000000000000337891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b21784e896ec28a2021-12-21 10:23:17.448root 11241100x8000000000000000337892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae908bd925d9c502021-12-21 10:23:17.943root 11241100x8000000000000000337893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f84fc39679e1922021-12-21 10:23:17.943root 11241100x8000000000000000337894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8be8002b23cf4792021-12-21 10:23:17.943root 11241100x8000000000000000337895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19256a36141e216a2021-12-21 10:23:17.944root 11241100x8000000000000000337896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d77f5b30742a262021-12-21 10:23:17.944root 11241100x8000000000000000337897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5511d0e4df20832021-12-21 10:23:17.944root 11241100x8000000000000000337898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21942b421e54ac302021-12-21 10:23:17.944root 11241100x8000000000000000337899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd425137bf9f952a2021-12-21 10:23:17.944root 11241100x8000000000000000337900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990482d32a0cac0c2021-12-21 10:23:17.944root 11241100x8000000000000000337901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e78c0edcdfc1ecd2021-12-21 10:23:17.945root 11241100x8000000000000000337902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed6e786ae5c90ed2021-12-21 10:23:17.945root 11241100x8000000000000000337903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4189c1c629141b2021-12-21 10:23:17.945root 11241100x8000000000000000337904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1192fae87ddd8f022021-12-21 10:23:17.945root 11241100x8000000000000000337905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a966d46df8e714b2021-12-21 10:23:17.946root 11241100x8000000000000000337906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326541fe2bbca3d52021-12-21 10:23:17.946root 11241100x8000000000000000337907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dd92ecc1d4cbc02021-12-21 10:23:17.946root 11241100x8000000000000000337908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c682ae8547b78c92021-12-21 10:23:17.947root 11241100x8000000000000000337909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d313c120d80f542021-12-21 10:23:17.947root 11241100x8000000000000000337910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff54670a80153a592021-12-21 10:23:17.947root 11241100x8000000000000000337911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f8a392977bec082021-12-21 10:23:17.947root 11241100x8000000000000000337912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf0d9b4d643081f2021-12-21 10:23:17.947root 11241100x8000000000000000337913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb1ae4e8fa7c28b2021-12-21 10:23:17.947root 11241100x8000000000000000337914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e014c2b970fd00ea2021-12-21 10:23:17.947root 11241100x8000000000000000337915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32d9fe22e92c4f82021-12-21 10:23:17.948root 11241100x8000000000000000337916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47a4256245ab8422021-12-21 10:23:17.948root 11241100x8000000000000000337917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d16406720df2572021-12-21 10:23:17.948root 11241100x8000000000000000337918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5bc36b8ed0368d2021-12-21 10:23:17.948root 11241100x8000000000000000337919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b119e8a99291015f2021-12-21 10:23:17.948root 11241100x8000000000000000337920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafee6607cd9b5122021-12-21 10:23:17.949root 11241100x8000000000000000337921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1f033b2fc8c5a92021-12-21 10:23:17.949root 11241100x8000000000000000337922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b318223d2077fc3c2021-12-21 10:23:17.949root 11241100x8000000000000000337923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e253acbba8cfb722021-12-21 10:23:17.949root 11241100x8000000000000000337924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7c40e6819247742021-12-21 10:23:18.443root 11241100x8000000000000000337925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e4643ebf0d722e2021-12-21 10:23:18.443root 11241100x8000000000000000337926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684f0cea2593a4a52021-12-21 10:23:18.443root 11241100x8000000000000000337927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4a23fbfe55ea822021-12-21 10:23:18.443root 11241100x8000000000000000337928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95f28addb8c26822021-12-21 10:23:18.443root 11241100x8000000000000000337929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381629c6064bf19f2021-12-21 10:23:18.443root 11241100x8000000000000000337930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf51c4670c5d728a2021-12-21 10:23:18.443root 11241100x8000000000000000337931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f78433acf054d12021-12-21 10:23:18.444root 11241100x8000000000000000337932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b201ea771107b7c2021-12-21 10:23:18.444root 11241100x8000000000000000337933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838ea7975ca85aa02021-12-21 10:23:18.444root 11241100x8000000000000000337934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e03eaa2e6c683f2021-12-21 10:23:18.444root 11241100x8000000000000000337935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100617f11b06d0692021-12-21 10:23:18.444root 11241100x8000000000000000337936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1591d13bd7a7367c2021-12-21 10:23:18.444root 11241100x8000000000000000337937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b443b3b7eb29972021-12-21 10:23:18.444root 11241100x8000000000000000337938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca54b841301bf942021-12-21 10:23:18.444root 11241100x8000000000000000337939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce714724b4483692021-12-21 10:23:18.445root 11241100x8000000000000000337940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fbc78817da4e512021-12-21 10:23:18.445root 11241100x8000000000000000337941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3122ab781127a2b2021-12-21 10:23:18.445root 11241100x8000000000000000337942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fb1138385be4c92021-12-21 10:23:18.445root 11241100x8000000000000000337943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49a5777dbc829252021-12-21 10:23:18.445root 11241100x8000000000000000337944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ff3803145566ec2021-12-21 10:23:18.445root 11241100x8000000000000000337945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f3e7eec5791e632021-12-21 10:23:18.445root 11241100x8000000000000000337946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a0d8a27212ecc92021-12-21 10:23:18.445root 11241100x8000000000000000337947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a8df743d3804d92021-12-21 10:23:18.445root 11241100x8000000000000000337948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13ddd7c9859f7e42021-12-21 10:23:18.445root 11241100x8000000000000000337949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0785691adb2a16f32021-12-21 10:23:18.446root 11241100x8000000000000000337950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a51114bf09da9422021-12-21 10:23:18.446root 11241100x8000000000000000337951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22de4ce399136af2021-12-21 10:23:18.446root 11241100x8000000000000000337952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489501896f64c0842021-12-21 10:23:18.446root 11241100x8000000000000000337953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ffde60afc7c29e2021-12-21 10:23:18.446root 11241100x8000000000000000337954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823a4866b5d23fe22021-12-21 10:23:18.447root 11241100x8000000000000000337955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06427fec15be9ea72021-12-21 10:23:18.943root 11241100x8000000000000000337956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cefacd100e90b872021-12-21 10:23:18.943root 11241100x8000000000000000337957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6d219ce00160102021-12-21 10:23:18.943root 11241100x8000000000000000337958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371aed6fd82e69aa2021-12-21 10:23:18.943root 11241100x8000000000000000337959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e35498228730ec2021-12-21 10:23:18.944root 11241100x8000000000000000337960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3e7f3165898a112021-12-21 10:23:18.944root 11241100x8000000000000000337961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d140bae62f4ce79a2021-12-21 10:23:18.944root 11241100x8000000000000000337962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0351359cffe256ff2021-12-21 10:23:18.944root 11241100x8000000000000000337963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0786fc9188710d732021-12-21 10:23:18.944root 11241100x8000000000000000337964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5673ad15490d8e312021-12-21 10:23:18.945root 11241100x8000000000000000337965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf1504bb777bb332021-12-21 10:23:18.945root 11241100x8000000000000000337966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143c3d81e4dec4c92021-12-21 10:23:18.945root 11241100x8000000000000000337967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b60f47342b84522021-12-21 10:23:18.945root 11241100x8000000000000000337968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156d642c535a9e3b2021-12-21 10:23:18.945root 11241100x8000000000000000337969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699f04967452785e2021-12-21 10:23:18.945root 11241100x8000000000000000337970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77fbb6a6e5aa43a2021-12-21 10:23:18.945root 11241100x8000000000000000337971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec010f0a5e099f6e2021-12-21 10:23:18.946root 11241100x8000000000000000337972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2d4f13acf24b2a2021-12-21 10:23:18.946root 11241100x8000000000000000337973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2f039381a0dd5c2021-12-21 10:23:18.946root 11241100x8000000000000000337974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f31e437345bb0b2021-12-21 10:23:18.946root 11241100x8000000000000000337975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33aeb94fec641ba02021-12-21 10:23:18.946root 11241100x8000000000000000337976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4bc93e216e935a2021-12-21 10:23:18.946root 11241100x8000000000000000337977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761993731143eaef2021-12-21 10:23:18.947root 11241100x8000000000000000337978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7913ab5ea38b4eb42021-12-21 10:23:18.947root 11241100x8000000000000000337979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f836d69b0385b6ee2021-12-21 10:23:18.947root 11241100x8000000000000000337980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b58b7877c26a642021-12-21 10:23:18.947root 11241100x8000000000000000337981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72691ac9b53149e2021-12-21 10:23:18.947root 11241100x8000000000000000337982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613689e321e8203a2021-12-21 10:23:18.947root 11241100x8000000000000000337983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3ae5ec8fa1c7372021-12-21 10:23:18.948root 11241100x8000000000000000337984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c341ca696ec54c2021-12-21 10:23:18.948root 11241100x8000000000000000337985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29aa3ac35a9aaac2021-12-21 10:23:19.443root 11241100x8000000000000000337986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7954922a1bfddafb2021-12-21 10:23:19.443root 11241100x8000000000000000337987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756db0748bcb1e232021-12-21 10:23:19.443root 11241100x8000000000000000337988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfb88c23bf5d1302021-12-21 10:23:19.443root 11241100x8000000000000000337989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1adb8564abcc1e2021-12-21 10:23:19.443root 11241100x8000000000000000337990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c9eb8c665d7a012021-12-21 10:23:19.443root 11241100x8000000000000000337991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44212c1a191d0b32021-12-21 10:23:19.443root 11241100x8000000000000000337992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1665532cf909332021-12-21 10:23:19.444root 11241100x8000000000000000337993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7535f024aeeb6c892021-12-21 10:23:19.444root 11241100x8000000000000000337994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b65698b816df3c82021-12-21 10:23:19.444root 11241100x8000000000000000337995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4d637bc57ada4c2021-12-21 10:23:19.444root 11241100x8000000000000000337996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb8243f2ae35ece2021-12-21 10:23:19.444root 11241100x8000000000000000337997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc763ffb4b175162021-12-21 10:23:19.444root 11241100x8000000000000000337998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c7a2c08f3d2d8f2021-12-21 10:23:19.444root 11241100x8000000000000000337999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753f0ea7dc3b54f02021-12-21 10:23:19.444root 11241100x8000000000000000338000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2424162e39ffa4e02021-12-21 10:23:19.444root 11241100x8000000000000000338001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778f116cc520b78c2021-12-21 10:23:19.444root 11241100x8000000000000000338002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeef0840d1ad37c02021-12-21 10:23:19.445root 11241100x8000000000000000338003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca73533c9d64e1e52021-12-21 10:23:19.445root 11241100x8000000000000000338004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463a6be19efb2ca12021-12-21 10:23:19.445root 11241100x8000000000000000338005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe42acde9b9a69b42021-12-21 10:23:19.445root 11241100x8000000000000000338006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0540f395456bbf3f2021-12-21 10:23:19.445root 11241100x8000000000000000338007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f44ee20479e35822021-12-21 10:23:19.445root 11241100x8000000000000000338008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e60cb515e720bf52021-12-21 10:23:19.445root 11241100x8000000000000000338009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c53e0a81e7fa8d92021-12-21 10:23:19.445root 11241100x8000000000000000338010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd1bac6dae044012021-12-21 10:23:19.446root 11241100x8000000000000000338011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fc3c83a217502f2021-12-21 10:23:19.446root 11241100x8000000000000000338012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ec6734f7d466c12021-12-21 10:23:19.446root 11241100x8000000000000000338013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811412ca6521883f2021-12-21 10:23:19.446root 11241100x8000000000000000338014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fc445e76a49d062021-12-21 10:23:19.446root 11241100x8000000000000000338015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b064312184331d2021-12-21 10:23:19.446root 11241100x8000000000000000338016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d80c0d660ec16672021-12-21 10:23:19.446root 11241100x8000000000000000338017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebc187e55fd6e252021-12-21 10:23:19.446root 11241100x8000000000000000338018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5382f89c9b12e0c82021-12-21 10:23:19.942root 11241100x8000000000000000338019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9ba8ec1680f8362021-12-21 10:23:19.943root 11241100x8000000000000000338020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c4b132628be1462021-12-21 10:23:19.943root 11241100x8000000000000000338021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edfeaffd11037e72021-12-21 10:23:19.943root 11241100x8000000000000000338022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac020ffddfd65bdb2021-12-21 10:23:19.944root 11241100x8000000000000000338023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47be0c06cc3caa572021-12-21 10:23:19.944root 11241100x8000000000000000338024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24dd3799919e30c2021-12-21 10:23:19.944root 11241100x8000000000000000338025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc54e1c60ec769e2021-12-21 10:23:19.944root 11241100x8000000000000000338026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd45480435cb074f2021-12-21 10:23:19.944root 11241100x8000000000000000338027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979e4229205451152021-12-21 10:23:19.944root 11241100x8000000000000000338028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7753110bf62780a2021-12-21 10:23:19.944root 11241100x8000000000000000338029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b956c75f25487e7c2021-12-21 10:23:19.944root 11241100x8000000000000000338030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bd8364e0df506f2021-12-21 10:23:19.945root 11241100x8000000000000000338031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902bb158e687dacb2021-12-21 10:23:19.945root 11241100x8000000000000000338032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f447abd14f4d412021-12-21 10:23:19.945root 11241100x8000000000000000338033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67638d40fc516022021-12-21 10:23:19.945root 11241100x8000000000000000338034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcc9b0a3bff4aca2021-12-21 10:23:19.945root 11241100x8000000000000000338035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f36a3f6e917f7a32021-12-21 10:23:19.945root 11241100x8000000000000000338036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d734925c97fef92021-12-21 10:23:19.945root 11241100x8000000000000000338037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7b13361972101c2021-12-21 10:23:19.945root 11241100x8000000000000000338038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc7a8d6eae60a152021-12-21 10:23:19.945root 11241100x8000000000000000338039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ba55874ae9f5a52021-12-21 10:23:19.945root 11241100x8000000000000000338040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfeab66426e43882021-12-21 10:23:19.945root 11241100x8000000000000000338041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330ff209b53655232021-12-21 10:23:19.946root 11241100x8000000000000000338042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab4e7ef17ed53222021-12-21 10:23:19.946root 11241100x8000000000000000338043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2864a9a07c82f36f2021-12-21 10:23:19.946root 11241100x8000000000000000338044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8cbe75074338142021-12-21 10:23:19.946root 11241100x8000000000000000338045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d392ed876fbada4c2021-12-21 10:23:19.946root 11241100x8000000000000000338046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60e0e076c51ddc32021-12-21 10:23:19.946root 11241100x8000000000000000338047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88392d3e9e5f54232021-12-21 10:23:19.946root 11241100x8000000000000000338048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879142a9854487e82021-12-21 10:23:19.946root 11241100x8000000000000000338049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873e227b5b41eea52021-12-21 10:23:19.946root 11241100x8000000000000000338050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb8fb8cadc0765b2021-12-21 10:23:19.946root 11241100x8000000000000000338051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421095b7fae3caa52021-12-21 10:23:19.946root 11241100x8000000000000000338052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1138aabb2e98ad4b2021-12-21 10:23:20.443root 11241100x8000000000000000338053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99635612c556588a2021-12-21 10:23:20.443root 11241100x8000000000000000338054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f392209ac1bde902021-12-21 10:23:20.443root 11241100x8000000000000000338055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00b993140fada372021-12-21 10:23:20.443root 11241100x8000000000000000338056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d593f6dd95e75a2021-12-21 10:23:20.444root 11241100x8000000000000000338057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea76d9046fb2abc2021-12-21 10:23:20.444root 11241100x8000000000000000338058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154ae9c9b9ce189c2021-12-21 10:23:20.444root 11241100x8000000000000000338059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fc06cf1fa4c6352021-12-21 10:23:20.444root 11241100x8000000000000000338060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aabe42f8641431a2021-12-21 10:23:20.444root 11241100x8000000000000000338061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101485d3b64b5ec32021-12-21 10:23:20.444root 11241100x8000000000000000338062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78323a90d70486362021-12-21 10:23:20.445root 11241100x8000000000000000338063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c024fb375dfb9a52021-12-21 10:23:20.445root 11241100x8000000000000000338064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21909053cc5217062021-12-21 10:23:20.445root 11241100x8000000000000000338065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f62694e3e1ed49f2021-12-21 10:23:20.445root 11241100x8000000000000000338066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01876dda80fdb4472021-12-21 10:23:20.445root 11241100x8000000000000000338067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4c610934d7d7af2021-12-21 10:23:20.446root 11241100x8000000000000000338068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58563a8f7d93e0af2021-12-21 10:23:20.446root 11241100x8000000000000000338069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96040e6784d3399f2021-12-21 10:23:20.446root 11241100x8000000000000000338070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5551b1e850344c9c2021-12-21 10:23:20.447root 11241100x8000000000000000338071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc35f96301d4b6ab2021-12-21 10:23:20.447root 11241100x8000000000000000338072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec439c41f8c4b0b42021-12-21 10:23:20.447root 11241100x8000000000000000338073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37858e7c3d6fcf22021-12-21 10:23:20.447root 11241100x8000000000000000338074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58382b23dc4198102021-12-21 10:23:20.447root 11241100x8000000000000000338075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335a0cc4ecf65a292021-12-21 10:23:20.447root 11241100x8000000000000000338076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24054139af2ed2622021-12-21 10:23:20.447root 11241100x8000000000000000338077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91812158909299332021-12-21 10:23:20.448root 11241100x8000000000000000338078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710e4ea387d0afeb2021-12-21 10:23:20.448root 11241100x8000000000000000338079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1693c2fa64d6bf492021-12-21 10:23:20.448root 11241100x8000000000000000338080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bcbe394bfc0b652021-12-21 10:23:20.448root 11241100x8000000000000000338081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a8ec61fd102ef32021-12-21 10:23:20.448root 11241100x8000000000000000338082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22043e0dcc6ebba2021-12-21 10:23:20.448root 11241100x8000000000000000338083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd7ba714f79e56c2021-12-21 10:23:20.448root 11241100x8000000000000000338084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5317f92eaf413a252021-12-21 10:23:20.448root 11241100x8000000000000000338085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a38e8dba8bb6c0d2021-12-21 10:23:20.449root 11241100x8000000000000000338086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d28e22b6566e46d2021-12-21 10:23:20.943root 11241100x8000000000000000338087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1177ecd2307e33692021-12-21 10:23:20.943root 11241100x8000000000000000338088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3198396a94ae84e62021-12-21 10:23:20.944root 11241100x8000000000000000338089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d9a1cf63bcf4c02021-12-21 10:23:20.944root 11241100x8000000000000000338090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2aa8bdec1825a82021-12-21 10:23:20.944root 11241100x8000000000000000338091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f1433e1f5326482021-12-21 10:23:20.945root 11241100x8000000000000000338092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcb777c35d267182021-12-21 10:23:20.945root 11241100x8000000000000000338093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c032bc8ea7a714e2021-12-21 10:23:20.945root 11241100x8000000000000000338094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3b96383c4e3bbb2021-12-21 10:23:20.946root 11241100x8000000000000000338095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5192ad1fc045692021-12-21 10:23:20.946root 11241100x8000000000000000338096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77017b04a37425a92021-12-21 10:23:20.946root 11241100x8000000000000000338097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e97b5bfddc7e572021-12-21 10:23:20.946root 11241100x8000000000000000338098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56618d30f16b0f022021-12-21 10:23:20.947root 11241100x8000000000000000338099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8550c3897f9159bf2021-12-21 10:23:20.947root 11241100x8000000000000000338100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03185ca15ebee9e82021-12-21 10:23:20.947root 11241100x8000000000000000338101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1967a615a59430802021-12-21 10:23:20.948root 11241100x8000000000000000338102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ed72e26754b9cd2021-12-21 10:23:20.948root 11241100x8000000000000000338103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa86f29dc329f812021-12-21 10:23:20.948root 11241100x8000000000000000338104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0545876064a9c02021-12-21 10:23:20.948root 11241100x8000000000000000338105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6acaf3c42aa048c2021-12-21 10:23:20.948root 11241100x8000000000000000338106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a448669b07ee0e192021-12-21 10:23:20.949root 11241100x8000000000000000338107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a1eb6d86072b4a2021-12-21 10:23:20.949root 11241100x8000000000000000338108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15946736dae921612021-12-21 10:23:20.949root 11241100x8000000000000000338109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf1f31d015f2f6b2021-12-21 10:23:20.949root 11241100x8000000000000000338110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6b8ed475d6d7aa2021-12-21 10:23:20.949root 11241100x8000000000000000338111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c309911fb61845172021-12-21 10:23:20.949root 11241100x8000000000000000338112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3550800c3a063a2021-12-21 10:23:20.950root 11241100x8000000000000000338113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65d54c439cdb88c2021-12-21 10:23:20.950root 11241100x8000000000000000338114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a761f7b6f448e4e92021-12-21 10:23:20.950root 11241100x8000000000000000338115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b79b6f7cc8f12342021-12-21 10:23:20.950root 11241100x8000000000000000338116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4193efe4f17ca5ac2021-12-21 10:23:20.950root 11241100x8000000000000000338117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c24464524f5fd462021-12-21 10:23:21.443root 11241100x8000000000000000338118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6baf37d15ab2ef542021-12-21 10:23:21.443root 11241100x8000000000000000338119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6307d2bf1846f42021-12-21 10:23:21.444root 11241100x8000000000000000338120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c832811c8dc2262021-12-21 10:23:21.444root 11241100x8000000000000000338121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c3b44ea7a7fa152021-12-21 10:23:21.444root 11241100x8000000000000000338122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db72df351b97a4372021-12-21 10:23:21.444root 11241100x8000000000000000338123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d0f9ba5bc18fdb2021-12-21 10:23:21.445root 11241100x8000000000000000338124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67811055ce8d4cd92021-12-21 10:23:21.445root 11241100x8000000000000000338125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5a127d826103872021-12-21 10:23:21.445root 11241100x8000000000000000338126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c881d49bac687b472021-12-21 10:23:21.445root 11241100x8000000000000000338127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa933a265a28b0d2021-12-21 10:23:21.446root 11241100x8000000000000000338128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4fde1ecd0b54e32021-12-21 10:23:21.446root 11241100x8000000000000000338129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062dfbf268e397cc2021-12-21 10:23:21.446root 11241100x8000000000000000338130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005b8e71478fd4fc2021-12-21 10:23:21.446root 11241100x8000000000000000338131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903cc1cb510145452021-12-21 10:23:21.446root 11241100x8000000000000000338132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d301ee4f2c98365b2021-12-21 10:23:21.447root 11241100x8000000000000000338133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a29c2282b92bfb2021-12-21 10:23:21.447root 11241100x8000000000000000338134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3d8c626aba28ea2021-12-21 10:23:21.447root 11241100x8000000000000000338135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be33a8e73265fb9b2021-12-21 10:23:21.448root 11241100x8000000000000000338136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c96c1153af7f672021-12-21 10:23:21.448root 11241100x8000000000000000338137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680e996c541fa2942021-12-21 10:23:21.448root 11241100x8000000000000000338138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355e0dadcc6616812021-12-21 10:23:21.448root 11241100x8000000000000000338139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4821ae058a5b1cbd2021-12-21 10:23:21.448root 11241100x8000000000000000338140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c058c30fa0fdbeda2021-12-21 10:23:21.448root 11241100x8000000000000000338141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5e15a5ef8957b52021-12-21 10:23:21.448root 11241100x8000000000000000338142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874c3d13ac21c6712021-12-21 10:23:21.448root 11241100x8000000000000000338143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5cffb85bec2f172021-12-21 10:23:21.449root 11241100x8000000000000000338144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327887eec0bac8662021-12-21 10:23:21.449root 11241100x8000000000000000338145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995ab14a3385d2e92021-12-21 10:23:21.449root 11241100x8000000000000000338146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce49549182342cb22021-12-21 10:23:21.449root 11241100x8000000000000000338147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf3c47395d4c60a2021-12-21 10:23:21.449root 11241100x8000000000000000338148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961ae75e6d69a8692021-12-21 10:23:21.449root 11241100x8000000000000000338149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3455cdece0bb5482021-12-21 10:23:21.943root 11241100x8000000000000000338150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a5b30ed9b767c42021-12-21 10:23:21.943root 11241100x8000000000000000338151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766840dad8ffc6f82021-12-21 10:23:21.943root 11241100x8000000000000000338152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169fad29b21996352021-12-21 10:23:21.943root 11241100x8000000000000000338153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb59581be4081b12021-12-21 10:23:21.943root 11241100x8000000000000000338154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a61a200377750422021-12-21 10:23:21.944root 11241100x8000000000000000338155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b9903f625890942021-12-21 10:23:21.944root 11241100x8000000000000000338156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2e3c4ab81653a82021-12-21 10:23:21.944root 11241100x8000000000000000338157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04fe34030a3bae42021-12-21 10:23:21.944root 11241100x8000000000000000338158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be42ee23d150e17f2021-12-21 10:23:21.944root 11241100x8000000000000000338159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b7089cb88e3ccc2021-12-21 10:23:21.945root 11241100x8000000000000000338160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1f4590d473a7a62021-12-21 10:23:21.945root 11241100x8000000000000000338161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3042e7a938e5b342021-12-21 10:23:21.945root 11241100x8000000000000000338162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675a715266a3a5ed2021-12-21 10:23:21.945root 11241100x8000000000000000338163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5a67c7d073b4e22021-12-21 10:23:21.946root 11241100x8000000000000000338164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4ad3325cfeb8b02021-12-21 10:23:21.946root 11241100x8000000000000000338165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2927c4a0029347a2021-12-21 10:23:21.946root 11241100x8000000000000000338166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cdb818eeaf44902021-12-21 10:23:21.947root 11241100x8000000000000000338167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8a43e80648418d2021-12-21 10:23:21.947root 11241100x8000000000000000338168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bfe48bb0a19fce2021-12-21 10:23:21.947root 11241100x8000000000000000338169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0138e6fe872c20912021-12-21 10:23:21.947root 11241100x8000000000000000338170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b602fdb00bfd65d2021-12-21 10:23:21.947root 11241100x8000000000000000338171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764947e102848fca2021-12-21 10:23:21.947root 11241100x8000000000000000338172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9204808a606f6972021-12-21 10:23:21.948root 11241100x8000000000000000338173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe61dc449d65c1d2021-12-21 10:23:21.948root 11241100x8000000000000000338174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99228b57684891d52021-12-21 10:23:21.948root 11241100x8000000000000000338175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327d254a7caa806b2021-12-21 10:23:21.948root 11241100x8000000000000000338176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99c2f233c6639692021-12-21 10:23:21.948root 11241100x8000000000000000338177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab0a05852e473892021-12-21 10:23:21.948root 11241100x8000000000000000338178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc94e364e363f442021-12-21 10:23:21.948root 11241100x8000000000000000338179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf92db3a1590dfb2021-12-21 10:23:22.443root 11241100x8000000000000000338180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac59ca1ae9ede3092021-12-21 10:23:22.443root 11241100x8000000000000000338181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2a4e9f478f379c2021-12-21 10:23:22.443root 11241100x8000000000000000338182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d50f9b0b35c89b2021-12-21 10:23:22.443root 11241100x8000000000000000338183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06034752244d2602021-12-21 10:23:22.443root 11241100x8000000000000000338184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b54b726a57a67312021-12-21 10:23:22.444root 11241100x8000000000000000338185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308d5a3bdcbe71302021-12-21 10:23:22.444root 11241100x8000000000000000338186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efb451ce21ffc862021-12-21 10:23:22.444root 11241100x8000000000000000338187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63908e2d9fd3d232021-12-21 10:23:22.444root 11241100x8000000000000000338188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b64ff35bf9f3ea2021-12-21 10:23:22.444root 11241100x8000000000000000338189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7038b35c453ef6a02021-12-21 10:23:22.444root 11241100x8000000000000000338190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a994a5cb402950842021-12-21 10:23:22.445root 11241100x8000000000000000338191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42f9d2d31dbd06e2021-12-21 10:23:22.445root 11241100x8000000000000000338192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a206d6ddf7c6a23f2021-12-21 10:23:22.445root 11241100x8000000000000000338193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df21d14524b02e32021-12-21 10:23:22.445root 11241100x8000000000000000338194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9274224275dd8da2021-12-21 10:23:22.445root 11241100x8000000000000000338195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4090108e35104aed2021-12-21 10:23:22.446root 11241100x8000000000000000338196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7010c16324b8562021-12-21 10:23:22.446root 11241100x8000000000000000338197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a9df47f89b65ac2021-12-21 10:23:22.446root 11241100x8000000000000000338198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf8a5e468e400862021-12-21 10:23:22.446root 11241100x8000000000000000338199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578368ecf8f1c8952021-12-21 10:23:22.447root 11241100x8000000000000000338200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46248688deb418852021-12-21 10:23:22.447root 11241100x8000000000000000338201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23b0ca1107738022021-12-21 10:23:22.447root 11241100x8000000000000000338202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313bbdbf01495e792021-12-21 10:23:22.447root 11241100x8000000000000000338203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac1b0c79f2143102021-12-21 10:23:22.447root 11241100x8000000000000000338204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151aba9dde9df1af2021-12-21 10:23:22.447root 11241100x8000000000000000338205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a465383d54a195a52021-12-21 10:23:22.447root 11241100x8000000000000000338206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9018fbfc4c3ac29f2021-12-21 10:23:22.447root 11241100x8000000000000000338207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12eb0e1128e39842021-12-21 10:23:22.448root 11241100x8000000000000000338208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca8df258c75e1732021-12-21 10:23:22.448root 11241100x8000000000000000338209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f8607a8c2bd85b2021-12-21 10:23:22.448root 11241100x8000000000000000338210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77200b8a77ef4722021-12-21 10:23:22.448root 11241100x8000000000000000338211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939e12bec7eb7d752021-12-21 10:23:22.448root 11241100x8000000000000000338212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a496e63060bf8d2021-12-21 10:23:22.448root 11241100x8000000000000000338213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343202641e7720132021-12-21 10:23:22.449root 11241100x8000000000000000338214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3099aef4f333589e2021-12-21 10:23:22.943root 11241100x8000000000000000338215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7140d80444cc47d22021-12-21 10:23:22.943root 11241100x8000000000000000338216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ee43341962cd0d2021-12-21 10:23:22.944root 11241100x8000000000000000338217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6c3f86c13ebf7d2021-12-21 10:23:22.944root 11241100x8000000000000000338218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc70e2e9a17bc642021-12-21 10:23:22.944root 11241100x8000000000000000338219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15135b23e5c520e2021-12-21 10:23:22.944root 11241100x8000000000000000338220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5ec994bb9fb8022021-12-21 10:23:22.944root 11241100x8000000000000000338221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0563dc886cd3aa2021-12-21 10:23:22.945root 11241100x8000000000000000338222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70354f9643398772021-12-21 10:23:22.945root 11241100x8000000000000000338223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae51a956cadaa7282021-12-21 10:23:22.945root 11241100x8000000000000000338224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfbbfa18ae979782021-12-21 10:23:22.945root 11241100x8000000000000000338225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dfb56a28ea3cd02021-12-21 10:23:22.945root 11241100x8000000000000000338226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0354a0505f7d5cbe2021-12-21 10:23:22.945root 11241100x8000000000000000338227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a7215305bfbd922021-12-21 10:23:22.945root 11241100x8000000000000000338228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc1588de0e03dad2021-12-21 10:23:22.946root 11241100x8000000000000000338229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870c2e20877655ee2021-12-21 10:23:22.946root 11241100x8000000000000000338230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d65d9e8d1eb4a132021-12-21 10:23:22.946root 11241100x8000000000000000338231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5d53ab270acf0c2021-12-21 10:23:22.946root 11241100x8000000000000000338232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d3aa4b21e6cf292021-12-21 10:23:22.947root 11241100x8000000000000000338233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025dd45edfefdb482021-12-21 10:23:22.947root 11241100x8000000000000000338234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b60f24ec82aaae2021-12-21 10:23:22.947root 11241100x8000000000000000338235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc09d2e8b4e2000d2021-12-21 10:23:22.947root 11241100x8000000000000000338236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9485b23621fcc3062021-12-21 10:23:22.947root 11241100x8000000000000000338237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb1b678a40eb3a92021-12-21 10:23:22.947root 11241100x8000000000000000338238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885c8e34cb66818b2021-12-21 10:23:22.947root 11241100x8000000000000000338239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14daf0f4e326d5792021-12-21 10:23:22.948root 11241100x8000000000000000338240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccc20cce8cbbce82021-12-21 10:23:22.948root 11241100x8000000000000000338241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca186d8ebdf5d522021-12-21 10:23:22.948root 11241100x8000000000000000338242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247222f90cc7ba4f2021-12-21 10:23:22.948root 11241100x8000000000000000338243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab24d5b88a2913a92021-12-21 10:23:22.948root 11241100x8000000000000000338244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ca8cbd1647e1ea2021-12-21 10:23:22.948root 11241100x8000000000000000338245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6f2a13bfb324c92021-12-21 10:23:22.949root 11241100x8000000000000000338246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04db7451f3fcfb1d2021-12-21 10:23:22.949root 11241100x8000000000000000338247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff18f459c769f28c2021-12-21 10:23:22.949root 354300x8000000000000000338248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.014{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47026-false10.0.1.12-8000- 11241100x8000000000000000338249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d9a0d5bc01d85c2021-12-21 10:23:23.443root 11241100x8000000000000000338250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0dc88466f22dab2021-12-21 10:23:23.443root 11241100x8000000000000000338251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d224465c0b4c5832021-12-21 10:23:23.443root 11241100x8000000000000000338252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a4254ea5a9f82a2021-12-21 10:23:23.443root 11241100x8000000000000000338253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b77286dc5a328a2021-12-21 10:23:23.444root 11241100x8000000000000000338254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de1fe3d82d61b7f2021-12-21 10:23:23.444root 11241100x8000000000000000338255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b482217fd5e242da2021-12-21 10:23:23.444root 11241100x8000000000000000338256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b85625fd9733cb2021-12-21 10:23:23.444root 11241100x8000000000000000338257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ba15f54f88b0822021-12-21 10:23:23.444root 11241100x8000000000000000338258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4532b27ffcdded92021-12-21 10:23:23.444root 11241100x8000000000000000338259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91f33481805fae92021-12-21 10:23:23.445root 11241100x8000000000000000338260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6611fa4ea8d567e2021-12-21 10:23:23.445root 11241100x8000000000000000338261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c70daffda7dad82021-12-21 10:23:23.445root 11241100x8000000000000000338262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ed7628811a75c22021-12-21 10:23:23.445root 11241100x8000000000000000338263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c33644fd287da82021-12-21 10:23:23.445root 11241100x8000000000000000338264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2ee8760dfc9e4b2021-12-21 10:23:23.445root 11241100x8000000000000000338265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151dfed79fb1eb422021-12-21 10:23:23.445root 11241100x8000000000000000338266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bcaf45b86c26fe2021-12-21 10:23:23.446root 11241100x8000000000000000338267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e4ccc490690a032021-12-21 10:23:23.446root 11241100x8000000000000000338268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b013d6069ab45f2021-12-21 10:23:23.449root 11241100x8000000000000000338269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e742252fb958d1c42021-12-21 10:23:23.450root 11241100x8000000000000000338270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211e90a51d925e902021-12-21 10:23:23.450root 11241100x8000000000000000338271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff62a81a9a0e70882021-12-21 10:23:23.450root 11241100x8000000000000000338272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f76b45b2c4d8962021-12-21 10:23:23.450root 11241100x8000000000000000338273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5da41ddb605a262021-12-21 10:23:23.450root 11241100x8000000000000000338274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2dda547a25241a2021-12-21 10:23:23.450root 11241100x8000000000000000338275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0dadca69981d2c72021-12-21 10:23:23.450root 11241100x8000000000000000338276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bafc46290173f62021-12-21 10:23:23.450root 11241100x8000000000000000338277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5d7112dc7ae75a2021-12-21 10:23:23.451root 11241100x8000000000000000338278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeadeb56e45fba082021-12-21 10:23:23.451root 11241100x8000000000000000338279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29777c5f34203d92021-12-21 10:23:23.451root 11241100x8000000000000000338280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0b1cc3670612ff2021-12-21 10:23:23.451root 11241100x8000000000000000338281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a6f501320da36a2021-12-21 10:23:23.451root 11241100x8000000000000000338282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52553c8f05fbd3f2021-12-21 10:23:23.451root 11241100x8000000000000000338283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87b0c167339980f2021-12-21 10:23:23.943root 11241100x8000000000000000338284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a78a0bd09bcec062021-12-21 10:23:23.943root 11241100x8000000000000000338285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7003aad3372fddb22021-12-21 10:23:23.943root 11241100x8000000000000000338286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3da061f032253d62021-12-21 10:23:23.943root 11241100x8000000000000000338287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3f91c29e9999c12021-12-21 10:23:23.943root 11241100x8000000000000000338288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02555c7a88817962021-12-21 10:23:23.943root 11241100x8000000000000000338289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2638e980a844af22021-12-21 10:23:23.944root 11241100x8000000000000000338290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684bb63d917ae1c22021-12-21 10:23:23.944root 11241100x8000000000000000338291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10899e5eb3fd1a6c2021-12-21 10:23:23.944root 11241100x8000000000000000338292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a10d8f0e863144c2021-12-21 10:23:23.944root 11241100x8000000000000000338293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373c2a9431688dd32021-12-21 10:23:23.944root 11241100x8000000000000000338294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1caf5da0b6d0932021-12-21 10:23:23.944root 11241100x8000000000000000338295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5edf396219b9fbf2021-12-21 10:23:23.944root 11241100x8000000000000000338296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026b42594feb4b182021-12-21 10:23:23.945root 11241100x8000000000000000338297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696fc5ae54c834952021-12-21 10:23:23.945root 11241100x8000000000000000338298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc9d50fa08cef122021-12-21 10:23:23.945root 11241100x8000000000000000338299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20207fa04367a142021-12-21 10:23:23.945root 11241100x8000000000000000338300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310fddabf39c78172021-12-21 10:23:23.945root 11241100x8000000000000000338301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d881725a7a2416682021-12-21 10:23:23.945root 11241100x8000000000000000338302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e74a2ae5832243f2021-12-21 10:23:23.945root 11241100x8000000000000000338303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94506596c93aaf2c2021-12-21 10:23:23.946root 11241100x8000000000000000338304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199cd7a2e31207022021-12-21 10:23:23.946root 11241100x8000000000000000338305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8acc06be6e66b4e2021-12-21 10:23:23.946root 11241100x8000000000000000338306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebbfa93c1475b532021-12-21 10:23:23.946root 11241100x8000000000000000338307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d4562094efe1dc2021-12-21 10:23:23.946root 11241100x8000000000000000338308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4045e248bf44b73a2021-12-21 10:23:23.946root 11241100x8000000000000000338309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2a4dbe25e863d92021-12-21 10:23:23.946root 11241100x8000000000000000338310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae8ae546c0ae3cf2021-12-21 10:23:23.947root 11241100x8000000000000000338311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d271a8628d263c402021-12-21 10:23:23.947root 11241100x8000000000000000338312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b11e75967f331a2021-12-21 10:23:23.947root 11241100x8000000000000000338313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ac11e2ecaf3e782021-12-21 10:23:23.947root 11241100x8000000000000000338314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b5a915592b68192021-12-21 10:23:23.947root 11241100x8000000000000000338315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd93128cbd5f8a42021-12-21 10:23:23.947root 11241100x8000000000000000338316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e1cc608e81ebad2021-12-21 10:23:23.947root 11241100x8000000000000000338317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b806a824d8ce1152021-12-21 10:23:23.948root 11241100x8000000000000000338318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4353e151178c4ee2021-12-21 10:23:23.948root 11241100x8000000000000000338319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ad311809ccfb3c2021-12-21 10:23:23.948root 11241100x8000000000000000338320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd5460d7318ba602021-12-21 10:23:24.443root 11241100x8000000000000000338321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4e40341ef587702021-12-21 10:23:24.443root 11241100x8000000000000000338322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0346603cfbe732a2021-12-21 10:23:24.444root 11241100x8000000000000000338323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba290618d4a95842021-12-21 10:23:24.444root 11241100x8000000000000000338324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650b602e8a8748122021-12-21 10:23:24.444root 11241100x8000000000000000338325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811c644194101d082021-12-21 10:23:24.444root 11241100x8000000000000000338326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940f00a90153358a2021-12-21 10:23:24.444root 11241100x8000000000000000338327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98bb4ac51ba27792021-12-21 10:23:24.444root 11241100x8000000000000000338328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a49c387488ce412021-12-21 10:23:24.444root 11241100x8000000000000000338329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d4cbcfcf048fdf2021-12-21 10:23:24.444root 11241100x8000000000000000338330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9a2036241e6e792021-12-21 10:23:24.445root 11241100x8000000000000000338331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9be777c3b2904b32021-12-21 10:23:24.445root 11241100x8000000000000000338332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2992232b115c68cc2021-12-21 10:23:24.445root 11241100x8000000000000000338333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc098234ab7120132021-12-21 10:23:24.446root 11241100x8000000000000000338334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4846c8ba6d774cb52021-12-21 10:23:24.446root 11241100x8000000000000000338335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372613f4b7a8c5bc2021-12-21 10:23:24.446root 11241100x8000000000000000338336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5045239460ade7d72021-12-21 10:23:24.446root 11241100x8000000000000000338337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f123c18c2a7515812021-12-21 10:23:24.446root 11241100x8000000000000000338338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06135dcd4c50e872021-12-21 10:23:24.447root 11241100x8000000000000000338339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f3fd25f0f51d712021-12-21 10:23:24.447root 11241100x8000000000000000338340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480192b555af901a2021-12-21 10:23:24.447root 11241100x8000000000000000338341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f4352e13095be32021-12-21 10:23:24.447root 11241100x8000000000000000338342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbbaf27a6042cf52021-12-21 10:23:24.448root 11241100x8000000000000000338343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767d3a11a19059f72021-12-21 10:23:24.448root 11241100x8000000000000000338344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f7dc1537fb06c22021-12-21 10:23:24.448root 11241100x8000000000000000338345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0afb5bb5869a092021-12-21 10:23:24.448root 11241100x8000000000000000338346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da1dbdce02ee5db2021-12-21 10:23:24.448root 11241100x8000000000000000338347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd01570cd504ecb2021-12-21 10:23:24.448root 11241100x8000000000000000338348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66b19a6ee986ed82021-12-21 10:23:24.448root 11241100x8000000000000000338349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd4ffe3b392d00f2021-12-21 10:23:24.448root 11241100x8000000000000000338350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e5fed085db51742021-12-21 10:23:24.449root 11241100x8000000000000000338351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1ba9286142f2ed2021-12-21 10:23:24.943root 11241100x8000000000000000338352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b465f6e385b67b2021-12-21 10:23:24.943root 11241100x8000000000000000338353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98b46f6138d5c242021-12-21 10:23:24.943root 11241100x8000000000000000338354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9fcbf0c442149b2021-12-21 10:23:24.944root 11241100x8000000000000000338355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dae76b091e25e6b2021-12-21 10:23:24.944root 11241100x8000000000000000338356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e62dfa8759a2cf2021-12-21 10:23:24.944root 11241100x8000000000000000338357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596464c1da94008a2021-12-21 10:23:24.944root 11241100x8000000000000000338358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763320071cc9102c2021-12-21 10:23:24.944root 11241100x8000000000000000338359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddbd1a0dba9edb32021-12-21 10:23:24.944root 11241100x8000000000000000338360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b454ecefe40ab0362021-12-21 10:23:24.944root 11241100x8000000000000000338361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa52d4d542e0aebc2021-12-21 10:23:24.944root 11241100x8000000000000000338362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517f26794cc6daef2021-12-21 10:23:24.945root 11241100x8000000000000000338363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e885d57fedd36e2021-12-21 10:23:24.945root 11241100x8000000000000000338364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa488ec43988b672021-12-21 10:23:24.945root 11241100x8000000000000000338365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0f10769a4b500e2021-12-21 10:23:24.945root 11241100x8000000000000000338366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5d08a2f4c53b6f2021-12-21 10:23:24.945root 11241100x8000000000000000338367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32969786d8823712021-12-21 10:23:24.945root 11241100x8000000000000000338368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccfa73c1e1c5e8b2021-12-21 10:23:24.945root 11241100x8000000000000000338369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcfa89afffe4d3c2021-12-21 10:23:24.945root 11241100x8000000000000000338370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca318c856375c9cd2021-12-21 10:23:24.945root 11241100x8000000000000000338371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf3c85d3dacc84e2021-12-21 10:23:24.945root 11241100x8000000000000000338372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c89f3b6a2e426232021-12-21 10:23:24.946root 11241100x8000000000000000338373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1701657181328e2021-12-21 10:23:24.946root 11241100x8000000000000000338374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c21a9646a56c5b2021-12-21 10:23:24.946root 11241100x8000000000000000338375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cc457b51b9e3bf2021-12-21 10:23:24.946root 11241100x8000000000000000338376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9560c11c9d4e1b2021-12-21 10:23:24.946root 11241100x8000000000000000338377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dd03ee226ea0672021-12-21 10:23:24.946root 11241100x8000000000000000338378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969153d1a0c0176b2021-12-21 10:23:24.946root 11241100x8000000000000000338379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e350c0c47e96202021-12-21 10:23:24.946root 11241100x8000000000000000338380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cbe55542af34012021-12-21 10:23:24.947root 11241100x8000000000000000338381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb16be95b13220e2021-12-21 10:23:24.947root 11241100x8000000000000000338382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83460f95b02531372021-12-21 10:23:24.947root 11241100x8000000000000000338383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe7dbb82528226f2021-12-21 10:23:24.947root 11241100x8000000000000000338384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8886ce214866c6582021-12-21 10:23:24.948root 11241100x8000000000000000338385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c3bf394cda9d132021-12-21 10:23:24.948root 354300x8000000000000000338386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.081{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34092-false10.0.1.12-8089- 11241100x8000000000000000338387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41a1b77aec201cc2021-12-21 10:23:25.443root 11241100x8000000000000000338388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930d0c81d1b38a572021-12-21 10:23:25.443root 11241100x8000000000000000338389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c488f2d2f72d213d2021-12-21 10:23:25.444root 11241100x8000000000000000338390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f72ab819b57d8862021-12-21 10:23:25.444root 11241100x8000000000000000338391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6cc200b0d57e022021-12-21 10:23:25.444root 11241100x8000000000000000338392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2a1b19e91a58ff2021-12-21 10:23:25.444root 11241100x8000000000000000338393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f918ffc14b398e9b2021-12-21 10:23:25.444root 11241100x8000000000000000338394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e623ffce54344b82021-12-21 10:23:25.444root 11241100x8000000000000000338395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0346d3fdb586b82021-12-21 10:23:25.444root 11241100x8000000000000000338396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed337b4303460902021-12-21 10:23:25.445root 11241100x8000000000000000338397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d5300f8170be072021-12-21 10:23:25.445root 11241100x8000000000000000338398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2c2da6854e15c32021-12-21 10:23:25.445root 11241100x8000000000000000338399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49aeaf0cd10394622021-12-21 10:23:25.445root 11241100x8000000000000000338400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18d38c7ce4c5e992021-12-21 10:23:25.445root 11241100x8000000000000000338401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0f5154b880196a2021-12-21 10:23:25.446root 11241100x8000000000000000338402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103cd24190bdb17d2021-12-21 10:23:25.446root 11241100x8000000000000000338403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af87056d95bb005c2021-12-21 10:23:25.446root 11241100x8000000000000000338404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff9c83fc50662492021-12-21 10:23:25.446root 11241100x8000000000000000338405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a320ee795432f72021-12-21 10:23:25.446root 11241100x8000000000000000338406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4419213a8bab5e5c2021-12-21 10:23:25.447root 11241100x8000000000000000338407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6af70072d5cd9272021-12-21 10:23:25.447root 11241100x8000000000000000338408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6180bea44fa2a532021-12-21 10:23:25.447root 11241100x8000000000000000338409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bd094527cd76e32021-12-21 10:23:25.447root 11241100x8000000000000000338410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365b5e673e1d24042021-12-21 10:23:25.448root 11241100x8000000000000000338411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39dbe76866d0b662021-12-21 10:23:25.448root 11241100x8000000000000000338412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18d60981a58d1ab2021-12-21 10:23:25.448root 11241100x8000000000000000338413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc92e327aa9cb3b2021-12-21 10:23:25.448root 11241100x8000000000000000338414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7dde09df073ff212021-12-21 10:23:25.449root 11241100x8000000000000000338415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d07dd2050df653c2021-12-21 10:23:25.449root 11241100x8000000000000000338416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefcb6f43e167a7e2021-12-21 10:23:25.449root 11241100x8000000000000000338417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f533914b39b2c5e62021-12-21 10:23:25.449root 11241100x8000000000000000338418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd6f2ec83e4165e2021-12-21 10:23:25.449root 11241100x8000000000000000338419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd60f303e8f10ea2021-12-21 10:23:25.449root 11241100x8000000000000000338420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa12a68bb01f7512021-12-21 10:23:25.449root 11241100x8000000000000000338421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ddc5fdf7f2be6a2021-12-21 10:23:25.450root 11241100x8000000000000000338422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2badf03da2743f972021-12-21 10:23:25.450root 11241100x8000000000000000338423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29d9c031b3257572021-12-21 10:23:25.943root 11241100x8000000000000000338424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f15a71281f4e84b2021-12-21 10:23:25.943root 11241100x8000000000000000338425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f59f7f529230292021-12-21 10:23:25.943root 11241100x8000000000000000338426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f905dbba0b14772021-12-21 10:23:25.943root 11241100x8000000000000000338427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8221ad67703837b32021-12-21 10:23:25.943root 11241100x8000000000000000338428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadaca7ab25598682021-12-21 10:23:25.943root 11241100x8000000000000000338429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3c8045063d1b422021-12-21 10:23:25.944root 11241100x8000000000000000338430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d03af9ab6e8dc342021-12-21 10:23:25.944root 11241100x8000000000000000338431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb52b59d697b4fd72021-12-21 10:23:25.944root 11241100x8000000000000000338432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c1aedc7cf4ce0a2021-12-21 10:23:25.945root 11241100x8000000000000000338433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9aac146d5c69f132021-12-21 10:23:25.945root 11241100x8000000000000000338434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b7c40430f2f7eb2021-12-21 10:23:25.945root 11241100x8000000000000000338435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ff4d1f07158b052021-12-21 10:23:25.945root 11241100x8000000000000000338436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b701fdbe3505b22021-12-21 10:23:25.945root 11241100x8000000000000000338437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8d205a245293492021-12-21 10:23:25.946root 11241100x8000000000000000338438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cea920cbb64a7b2021-12-21 10:23:25.946root 11241100x8000000000000000338439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d20d2c08dc24e702021-12-21 10:23:25.946root 11241100x8000000000000000338440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea28e2ca5e27e2cd2021-12-21 10:23:25.947root 11241100x8000000000000000338441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdf956c0edb203c2021-12-21 10:23:25.947root 11241100x8000000000000000338442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2887245690094a2021-12-21 10:23:25.948root 11241100x8000000000000000338443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdb998fb55a36232021-12-21 10:23:25.948root 11241100x8000000000000000338444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa30a9480e2fc86d2021-12-21 10:23:25.948root 11241100x8000000000000000338445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7c3e6fade110b12021-12-21 10:23:25.949root 11241100x8000000000000000338446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdab000303ce44452021-12-21 10:23:25.949root 11241100x8000000000000000338447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4323f61c540d0a02021-12-21 10:23:25.949root 11241100x8000000000000000338448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf76b3456686d542021-12-21 10:23:25.949root 11241100x8000000000000000338449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52f6e10cff7f2972021-12-21 10:23:25.949root 11241100x8000000000000000338450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca1375f94b419972021-12-21 10:23:25.949root 11241100x8000000000000000338451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d4321a193b73c82021-12-21 10:23:25.950root 11241100x8000000000000000338452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7655ee50f5cbcc522021-12-21 10:23:25.950root 11241100x8000000000000000338453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647114defb0a88882021-12-21 10:23:25.950root 11241100x8000000000000000338454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36eaba3bdd1a7e62021-12-21 10:23:25.950root 11241100x8000000000000000338455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6185de6e09160d972021-12-21 10:23:25.951root 11241100x8000000000000000338456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659d484e2c175ba82021-12-21 10:23:25.951root 11241100x8000000000000000338457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e4b526bc68d5692021-12-21 10:23:25.951root 11241100x8000000000000000338458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d80a8c8ee27b3792021-12-21 10:23:25.951root 11241100x8000000000000000338459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755e226caa7d312e2021-12-21 10:23:25.951root 11241100x8000000000000000338460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c4c0d1b00dd25a2021-12-21 10:23:25.952root 11241100x8000000000000000338461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50656e07caf7d34f2021-12-21 10:23:25.952root 11241100x8000000000000000338462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fa5d7a4196eb362021-12-21 10:23:25.952root 11241100x8000000000000000338463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e95cbbcc83932382021-12-21 10:23:25.952root 11241100x8000000000000000338464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c072d66f07d06a9e2021-12-21 10:23:25.952root 11241100x8000000000000000338465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6193d3d6b56f7e672021-12-21 10:23:26.443root 11241100x8000000000000000338466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1ae38213b7bc7c2021-12-21 10:23:26.443root 11241100x8000000000000000338467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d86de3bb3179c242021-12-21 10:23:26.443root 11241100x8000000000000000338468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c503fe5899513142021-12-21 10:23:26.443root 11241100x8000000000000000338469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e4323ba29305ca2021-12-21 10:23:26.443root 11241100x8000000000000000338470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb97f6cf25f903682021-12-21 10:23:26.443root 11241100x8000000000000000338471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7e7dc720569c852021-12-21 10:23:26.444root 11241100x8000000000000000338472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880f3a5c42c39dfc2021-12-21 10:23:26.444root 11241100x8000000000000000338473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6587f00c2c729902021-12-21 10:23:26.444root 11241100x8000000000000000338474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9ccc0f228ee9202021-12-21 10:23:26.444root 11241100x8000000000000000338475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9959c90b8fb255a12021-12-21 10:23:26.444root 11241100x8000000000000000338476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db18806336d88ffa2021-12-21 10:23:26.444root 11241100x8000000000000000338477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67cb2bd800af2042021-12-21 10:23:26.444root 11241100x8000000000000000338478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a43bddfc3e146b2021-12-21 10:23:26.444root 11241100x8000000000000000338479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cd0dc4dec37a042021-12-21 10:23:26.445root 11241100x8000000000000000338480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7562a1c72911c32021-12-21 10:23:26.445root 11241100x8000000000000000338481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d92e54ccf6a5f6c2021-12-21 10:23:26.445root 11241100x8000000000000000338482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2d6f87d31c162a2021-12-21 10:23:26.445root 11241100x8000000000000000338483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5439388da462f4012021-12-21 10:23:26.446root 11241100x8000000000000000338484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1850ca76bd528a2021-12-21 10:23:26.446root 11241100x8000000000000000338485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4610ccfe9c78d92021-12-21 10:23:26.446root 11241100x8000000000000000338486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a143a4f4a470a12021-12-21 10:23:26.446root 11241100x8000000000000000338487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ce7ec70837c6fa2021-12-21 10:23:26.446root 11241100x8000000000000000338488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c817a5696cef635f2021-12-21 10:23:26.447root 11241100x8000000000000000338489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596e1bb456f5eb862021-12-21 10:23:26.447root 11241100x8000000000000000338490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eaa26145e852fd42021-12-21 10:23:26.447root 11241100x8000000000000000338491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792c4553920a844b2021-12-21 10:23:26.447root 11241100x8000000000000000338492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1204af4614521f032021-12-21 10:23:26.447root 11241100x8000000000000000338493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d7771cf46d677a2021-12-21 10:23:26.447root 11241100x8000000000000000338494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894f7ac2bcf9145b2021-12-21 10:23:26.447root 11241100x8000000000000000338495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501a463bca6856442021-12-21 10:23:26.447root 11241100x8000000000000000338496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f191caef158f350a2021-12-21 10:23:26.448root 11241100x8000000000000000338497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bac22a0cc8b5352021-12-21 10:23:26.448root 11241100x8000000000000000338498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2078223f04aab3fd2021-12-21 10:23:26.448root 11241100x8000000000000000338499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d5beb0c07b0c2d2021-12-21 10:23:26.448root 11241100x8000000000000000338500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5766e350f4c0f2f2021-12-21 10:23:26.448root 11241100x8000000000000000338501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493288d296c355fd2021-12-21 10:23:26.448root 11241100x8000000000000000338502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a066aa832bdc4212021-12-21 10:23:26.448root 11241100x8000000000000000338503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10525e3158af873e2021-12-21 10:23:26.448root 11241100x8000000000000000338504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a64836a44343322021-12-21 10:23:26.449root 11241100x8000000000000000338505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109f28eadfaee33d2021-12-21 10:23:26.449root 11241100x8000000000000000338506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c45eff82bc93ce52021-12-21 10:23:26.449root 11241100x8000000000000000338507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1451938a6c804ce2021-12-21 10:23:26.449root 11241100x8000000000000000338508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838fa25896f151182021-12-21 10:23:26.449root 11241100x8000000000000000338509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513ddd23ab52058e2021-12-21 10:23:26.449root 11241100x8000000000000000338510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f93d118c0df2d62021-12-21 10:23:26.449root 11241100x8000000000000000338511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259919a8a8e97f1c2021-12-21 10:23:26.943root 11241100x8000000000000000338512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86578d63143910102021-12-21 10:23:26.943root 11241100x8000000000000000338513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73396a66c16126a2021-12-21 10:23:26.943root 11241100x8000000000000000338514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f794d9db7e0b7162021-12-21 10:23:26.943root 11241100x8000000000000000338515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331a5c577d12bbd02021-12-21 10:23:26.943root 11241100x8000000000000000338516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3d8486202fb6132021-12-21 10:23:26.943root 11241100x8000000000000000338517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78319f0bbc9eb12d2021-12-21 10:23:26.944root 11241100x8000000000000000338518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfb5aee7179a1422021-12-21 10:23:26.944root 11241100x8000000000000000338519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37a50cc4d9e94932021-12-21 10:23:26.944root 11241100x8000000000000000338520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c29b078864583582021-12-21 10:23:26.944root 11241100x8000000000000000338521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584493ef08a320202021-12-21 10:23:26.944root 11241100x8000000000000000338522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799d20be5118c5c42021-12-21 10:23:26.944root 11241100x8000000000000000338523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695f4e559de48ede2021-12-21 10:23:26.944root 11241100x8000000000000000338524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885acd8535122b342021-12-21 10:23:26.944root 11241100x8000000000000000338525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1beded0bb83bb2832021-12-21 10:23:26.944root 11241100x8000000000000000338526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24673f7a75506b3c2021-12-21 10:23:26.944root 11241100x8000000000000000338527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5ff218fbf557b72021-12-21 10:23:26.945root 11241100x8000000000000000338528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d226581115190c92021-12-21 10:23:26.945root 11241100x8000000000000000338529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8828f7786d2247992021-12-21 10:23:26.945root 11241100x8000000000000000338530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bcdce5e2c54ee82021-12-21 10:23:26.945root 11241100x8000000000000000338531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63e76e72db7e3b92021-12-21 10:23:26.945root 11241100x8000000000000000338532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9286112d85c24f2021-12-21 10:23:26.945root 11241100x8000000000000000338533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d742319820612dd2021-12-21 10:23:26.945root 11241100x8000000000000000338534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15719c1b3f3c0a22021-12-21 10:23:26.946root 11241100x8000000000000000338535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefcd01e8478733d2021-12-21 10:23:26.946root 11241100x8000000000000000338536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90922d4dc27578292021-12-21 10:23:26.946root 11241100x8000000000000000338537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f5a03dd9b6facc2021-12-21 10:23:26.946root 11241100x8000000000000000338538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96aca36541a9e8252021-12-21 10:23:26.947root 11241100x8000000000000000338539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2415150e7a39a372021-12-21 10:23:26.947root 11241100x8000000000000000338540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329848b767f759ce2021-12-21 10:23:26.947root 11241100x8000000000000000338541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb611fea72728122021-12-21 10:23:26.947root 11241100x8000000000000000338542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7dc64a5caf6d3f2021-12-21 10:23:26.948root 11241100x8000000000000000338543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95e19da278bc5ca2021-12-21 10:23:26.948root 11241100x8000000000000000338544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b12404649c9f5892021-12-21 10:23:26.948root 11241100x8000000000000000338545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8a961ed3ec3ba02021-12-21 10:23:26.949root 11241100x8000000000000000338546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442d9742eb17365e2021-12-21 10:23:26.949root 11241100x8000000000000000338547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0056a2ba290224f62021-12-21 10:23:26.949root 11241100x8000000000000000338548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86d931b84dfcb742021-12-21 10:23:26.950root 11241100x8000000000000000338549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b485a2d95e33b9eb2021-12-21 10:23:26.950root 11241100x8000000000000000338550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3a5e4f86b124d82021-12-21 10:23:26.950root 11241100x8000000000000000338551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24156f9b31305d82021-12-21 10:23:26.950root 11241100x8000000000000000338552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0857f2b71a4cf312021-12-21 10:23:26.950root 11241100x8000000000000000338553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416d3568cef1238d2021-12-21 10:23:26.950root 11241100x8000000000000000338554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9d2e9137ac11472021-12-21 10:23:26.950root 11241100x8000000000000000338555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2103080ad4a06722021-12-21 10:23:26.951root 11241100x8000000000000000338556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9835296bb2e61c2021-12-21 10:23:26.951root 11241100x8000000000000000338557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94721e5e0f7bc30c2021-12-21 10:23:26.951root 11241100x8000000000000000338558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9825603410e914b2021-12-21 10:23:26.951root 11241100x8000000000000000338559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1370620733f7d5182021-12-21 10:23:26.951root 11241100x8000000000000000338560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51bf7798e2ec76c2021-12-21 10:23:26.951root 11241100x8000000000000000338561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dbcf38d896c0502021-12-21 10:23:26.951root 11241100x8000000000000000338562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2157bcfa97b011a2021-12-21 10:23:26.951root 11241100x8000000000000000338563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a60fa4f68028a52021-12-21 10:23:26.952root 11241100x8000000000000000338564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e1c15b3fd5eded2021-12-21 10:23:27.443root 11241100x8000000000000000338565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1beba5f2704d2b2021-12-21 10:23:27.443root 11241100x8000000000000000338566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec6789f9a0eadac2021-12-21 10:23:27.443root 11241100x8000000000000000338567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce98a85af0143bba2021-12-21 10:23:27.443root 11241100x8000000000000000338568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e9fc65291d7eeb2021-12-21 10:23:27.443root 11241100x8000000000000000338569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835c4b105a690df02021-12-21 10:23:27.443root 11241100x8000000000000000338570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1509756e36205a142021-12-21 10:23:27.444root 11241100x8000000000000000338571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa4d5718168d1dc2021-12-21 10:23:27.444root 11241100x8000000000000000338572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec877e5fa3bff702021-12-21 10:23:27.444root 11241100x8000000000000000338573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0616e4ee75221e952021-12-21 10:23:27.444root 11241100x8000000000000000338574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4bb72a6cf6c7552021-12-21 10:23:27.444root 11241100x8000000000000000338575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30caf178040294d92021-12-21 10:23:27.444root 11241100x8000000000000000338576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0316ddc8a927392021-12-21 10:23:27.444root 11241100x8000000000000000338577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d982f828197fa42021-12-21 10:23:27.444root 11241100x8000000000000000338578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9b081f0ee751382021-12-21 10:23:27.444root 11241100x8000000000000000338579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46be35d67bbf90332021-12-21 10:23:27.445root 11241100x8000000000000000338580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb16f5f65f8e8072021-12-21 10:23:27.445root 11241100x8000000000000000338581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2ffd506eccd34e2021-12-21 10:23:27.445root 11241100x8000000000000000338582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209e07d497271f3d2021-12-21 10:23:27.445root 11241100x8000000000000000338583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f062d9dfb5e9012021-12-21 10:23:27.445root 11241100x8000000000000000338584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892c47965498e5992021-12-21 10:23:27.445root 11241100x8000000000000000338585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bb23d84854263d2021-12-21 10:23:27.445root 11241100x8000000000000000338586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb72ebe4b181dfe12021-12-21 10:23:27.445root 11241100x8000000000000000338587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a96be7eba4f9a192021-12-21 10:23:27.445root 11241100x8000000000000000338588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f16be55b797bbe2021-12-21 10:23:27.446root 11241100x8000000000000000338589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a5e3a8359c5ccc2021-12-21 10:23:27.446root 11241100x8000000000000000338590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8235732eee0092b02021-12-21 10:23:27.446root 11241100x8000000000000000338591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342fd982fc481d052021-12-21 10:23:27.446root 11241100x8000000000000000338592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64c2cc41f7ce80d2021-12-21 10:23:27.446root 11241100x8000000000000000338593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d00557bb6330812021-12-21 10:23:27.446root 11241100x8000000000000000338594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe0abb99bc0c4192021-12-21 10:23:27.446root 11241100x8000000000000000338595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce3700ddaf7c60b2021-12-21 10:23:27.446root 11241100x8000000000000000338596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07fd34e5a86d11d2021-12-21 10:23:27.446root 11241100x8000000000000000338597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38bd3263aae1db62021-12-21 10:23:27.446root 11241100x8000000000000000338598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eebf98b46a70e052021-12-21 10:23:27.446root 11241100x8000000000000000338599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36fd1000d3f8a082021-12-21 10:23:27.447root 11241100x8000000000000000338600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a008435920c737292021-12-21 10:23:27.447root 11241100x8000000000000000338601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9555cb19780e20e52021-12-21 10:23:27.447root 11241100x8000000000000000338602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd40230ee9ef87f2021-12-21 10:23:27.448root 11241100x8000000000000000338603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ba23591626b2ed2021-12-21 10:23:27.448root 11241100x8000000000000000338604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcaa96779a219d42021-12-21 10:23:27.448root 11241100x8000000000000000338605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1821be4220ffceb02021-12-21 10:23:27.448root 11241100x8000000000000000338606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341569cd5e3806f72021-12-21 10:23:27.448root 11241100x8000000000000000338607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef54919b1d803762021-12-21 10:23:27.448root 11241100x8000000000000000338608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39019141340f00172021-12-21 10:23:27.449root 11241100x8000000000000000338609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ae7712ab8fb5ad2021-12-21 10:23:27.449root 11241100x8000000000000000338610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c14ef077f45df92021-12-21 10:23:27.943root 11241100x8000000000000000338611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a27c85bc09b18132021-12-21 10:23:27.943root 11241100x8000000000000000338612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9917a06d765d8e02021-12-21 10:23:27.943root 11241100x8000000000000000338613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e626473524ef39c02021-12-21 10:23:27.943root 11241100x8000000000000000338614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97adf7f9998ae2332021-12-21 10:23:27.943root 11241100x8000000000000000338615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461fae5f804475bb2021-12-21 10:23:27.944root 11241100x8000000000000000338616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddcabcb28140e0c2021-12-21 10:23:27.944root 11241100x8000000000000000338617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022fe8740f33f5cf2021-12-21 10:23:27.944root 11241100x8000000000000000338618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa823e029929b132021-12-21 10:23:27.944root 11241100x8000000000000000338619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130968fff687dd562021-12-21 10:23:27.944root 11241100x8000000000000000338620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff0d2c8f4afdb5d2021-12-21 10:23:27.944root 11241100x8000000000000000338621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920c2d773d6369e52021-12-21 10:23:27.944root 11241100x8000000000000000338622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf60fcc4a4c8b6482021-12-21 10:23:27.944root 11241100x8000000000000000338623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dfcbf5a501b1712021-12-21 10:23:27.944root 11241100x8000000000000000338624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6459aeae8c69c92021-12-21 10:23:27.944root 11241100x8000000000000000338625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6295ebc86a3cbc842021-12-21 10:23:27.945root 11241100x8000000000000000338626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edadfd0ac5856662021-12-21 10:23:27.945root 11241100x8000000000000000338627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b2efa73191131c2021-12-21 10:23:27.945root 11241100x8000000000000000338628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899ee57fd81511642021-12-21 10:23:27.945root 11241100x8000000000000000338629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca94588b16d2c9b2021-12-21 10:23:27.945root 11241100x8000000000000000338630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616c61e3334d915f2021-12-21 10:23:27.945root 11241100x8000000000000000338631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c368c604e9a4252021-12-21 10:23:27.945root 11241100x8000000000000000338632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde5230904f99e542021-12-21 10:23:27.945root 11241100x8000000000000000338633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dc5552ac8a07e12021-12-21 10:23:27.945root 11241100x8000000000000000338634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12bdc65bebf465f2021-12-21 10:23:27.945root 11241100x8000000000000000338635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c2886debfefe692021-12-21 10:23:27.945root 11241100x8000000000000000338636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31155ab23dc9bf8b2021-12-21 10:23:27.945root 11241100x8000000000000000338637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9184637f6ffba02021-12-21 10:23:27.946root 11241100x8000000000000000338638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df342f10c2635382021-12-21 10:23:27.946root 11241100x8000000000000000338639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ecfb9fc6883eca2021-12-21 10:23:27.946root 11241100x8000000000000000338640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba581b80e9f680122021-12-21 10:23:27.946root 11241100x8000000000000000338641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21f2821b977fab42021-12-21 10:23:27.946root 11241100x8000000000000000338642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316684535629b8582021-12-21 10:23:27.946root 11241100x8000000000000000338643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b169daf30fb9232021-12-21 10:23:27.946root 11241100x8000000000000000338644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119d0d95b36c402d2021-12-21 10:23:27.946root 11241100x8000000000000000338645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71057a55bb5a769c2021-12-21 10:23:27.946root 11241100x8000000000000000338646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e2529b8b638e252021-12-21 10:23:27.946root 354300x8000000000000000338647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.037{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47030-false10.0.1.12-8000- 11241100x8000000000000000338648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2808d7a483af7f2021-12-21 10:23:28.443root 11241100x8000000000000000338649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72eefad104d92ca42021-12-21 10:23:28.443root 11241100x8000000000000000338650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7688ec51025858732021-12-21 10:23:28.443root 11241100x8000000000000000338651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bceaaa9fcc7cbcbd2021-12-21 10:23:28.443root 11241100x8000000000000000338652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee1863f245435932021-12-21 10:23:28.443root 11241100x8000000000000000338653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17ba43ad95836db2021-12-21 10:23:28.443root 11241100x8000000000000000338654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01d4248c7caf8392021-12-21 10:23:28.444root 11241100x8000000000000000338655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f558b7e16f82d10a2021-12-21 10:23:28.444root 11241100x8000000000000000338656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e94a048cb94d5392021-12-21 10:23:28.444root 11241100x8000000000000000338657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4495e808f750682021-12-21 10:23:28.444root 11241100x8000000000000000338658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1086ae90f2d11422021-12-21 10:23:28.444root 11241100x8000000000000000338659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303a1e70b17e6d3a2021-12-21 10:23:28.444root 11241100x8000000000000000338660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd9fe729a75df6c2021-12-21 10:23:28.445root 11241100x8000000000000000338661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad9c814734be4d62021-12-21 10:23:28.445root 11241100x8000000000000000338662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8659da2e4ddcb52021-12-21 10:23:28.445root 11241100x8000000000000000338663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726d0cc274d6e3e02021-12-21 10:23:28.445root 11241100x8000000000000000338664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8760d56313214d082021-12-21 10:23:28.445root 11241100x8000000000000000338665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23d08c19ce0bcfb2021-12-21 10:23:28.445root 11241100x8000000000000000338666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5c6500c9af82de2021-12-21 10:23:28.445root 11241100x8000000000000000338667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce3f853e27a0fa52021-12-21 10:23:28.446root 11241100x8000000000000000338668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659d08932c1104402021-12-21 10:23:28.446root 11241100x8000000000000000338669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428353a9dd0c8e152021-12-21 10:23:28.446root 11241100x8000000000000000338670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c471f86b9ed682cc2021-12-21 10:23:28.446root 11241100x8000000000000000338671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ebfa0e9c4ba4c62021-12-21 10:23:28.446root 11241100x8000000000000000338672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807e74ccf569d77a2021-12-21 10:23:28.446root 11241100x8000000000000000338673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d98776663deb8ef2021-12-21 10:23:28.446root 11241100x8000000000000000338674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53ee308b33aace62021-12-21 10:23:28.447root 11241100x8000000000000000338675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08151914a1e47be2021-12-21 10:23:28.447root 11241100x8000000000000000338676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0edadc85f43b4e2021-12-21 10:23:28.447root 11241100x8000000000000000338677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848b4f5ff709f2bf2021-12-21 10:23:28.447root 11241100x8000000000000000338678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcedd8763ec0e2a2021-12-21 10:23:28.447root 11241100x8000000000000000338679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62862eedcc8b56932021-12-21 10:23:28.448root 11241100x8000000000000000338680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02481078bb5d6082021-12-21 10:23:28.448root 11241100x8000000000000000338681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f862ba8b751d9dc12021-12-21 10:23:28.448root 11241100x8000000000000000338682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400188691c1aca912021-12-21 10:23:28.448root 11241100x8000000000000000338683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e842b4cee74ca12021-12-21 10:23:28.449root 11241100x8000000000000000338684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd5fbe73829a16c2021-12-21 10:23:28.449root 11241100x8000000000000000338685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c18ed705a268452021-12-21 10:23:28.449root 11241100x8000000000000000338686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774734d30ca2758b2021-12-21 10:23:28.449root 11241100x8000000000000000338687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057a12416e2786612021-12-21 10:23:28.449root 11241100x8000000000000000338688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d5a45b48a388312021-12-21 10:23:28.450root 11241100x8000000000000000338689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a638feb0da83b24c2021-12-21 10:23:28.450root 11241100x8000000000000000338690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347078adc85f22a02021-12-21 10:23:28.943root 11241100x8000000000000000338691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36eff0b4686239512021-12-21 10:23:28.943root 11241100x8000000000000000338692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a797b34b33648e2021-12-21 10:23:28.943root 11241100x8000000000000000338693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc5c7c5bf41f0602021-12-21 10:23:28.943root 11241100x8000000000000000338694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e07fe0336f7440d2021-12-21 10:23:28.944root 11241100x8000000000000000338695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78488af851d1bd422021-12-21 10:23:28.944root 11241100x8000000000000000338696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eaf3d031e795ed22021-12-21 10:23:28.944root 11241100x8000000000000000338697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908a499ea7b52ced2021-12-21 10:23:28.944root 11241100x8000000000000000338698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8585e10a627f892021-12-21 10:23:28.945root 11241100x8000000000000000338699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84400127c0f4d6c2021-12-21 10:23:28.945root 11241100x8000000000000000338700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46521b183467d02c2021-12-21 10:23:28.945root 11241100x8000000000000000338701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846f76573631df1d2021-12-21 10:23:28.945root 11241100x8000000000000000338702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b0ac5b69f30e742021-12-21 10:23:28.945root 11241100x8000000000000000338703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c99d1bef553e6682021-12-21 10:23:28.945root 11241100x8000000000000000338704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2327dd2a89a358db2021-12-21 10:23:28.945root 11241100x8000000000000000338705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbcc07eb33d2acb2021-12-21 10:23:28.946root 11241100x8000000000000000338706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472a920b6b389ca82021-12-21 10:23:28.946root 11241100x8000000000000000338707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84f512487fc7a852021-12-21 10:23:28.946root 11241100x8000000000000000338708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83545e52dd943002021-12-21 10:23:28.947root 11241100x8000000000000000338709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c765afe65c4f442021-12-21 10:23:28.947root 11241100x8000000000000000338710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fa33b935c9cee42021-12-21 10:23:28.947root 11241100x8000000000000000338711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44808a30b4a23b432021-12-21 10:23:28.948root 11241100x8000000000000000338712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0261e1b79fac0f482021-12-21 10:23:28.948root 11241100x8000000000000000338713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cca72573a36ce42021-12-21 10:23:28.948root 11241100x8000000000000000338714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5308e399bc29b22021-12-21 10:23:28.948root 11241100x8000000000000000338715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16802451b65255d2021-12-21 10:23:28.948root 11241100x8000000000000000338716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35eb2a488ea607ee2021-12-21 10:23:28.948root 11241100x8000000000000000338717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d643e9f3a2ae09d2021-12-21 10:23:28.948root 11241100x8000000000000000338718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f86096237903682021-12-21 10:23:28.948root 11241100x8000000000000000338719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456db5de25ce9c432021-12-21 10:23:28.949root 11241100x8000000000000000338720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2dc9ce18db830b2021-12-21 10:23:28.949root 11241100x8000000000000000338721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995568dec227631c2021-12-21 10:23:28.949root 11241100x8000000000000000338722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4ee89698d22ab42021-12-21 10:23:28.950root 11241100x8000000000000000338723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0572c080f44944a22021-12-21 10:23:28.950root 11241100x8000000000000000338724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b9bf86194030012021-12-21 10:23:28.950root 11241100x8000000000000000338725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8d397dd42b6c5c2021-12-21 10:23:28.950root 11241100x8000000000000000338726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b16f96eca282d3b2021-12-21 10:23:28.950root 11241100x8000000000000000338727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2090b0e62f0e0fd2021-12-21 10:23:28.950root 11241100x8000000000000000338728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457e321b58b5ad422021-12-21 10:23:28.951root 11241100x8000000000000000338729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0754037914c728ca2021-12-21 10:23:29.443root 11241100x8000000000000000338730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a03dee2537a20842021-12-21 10:23:29.443root 11241100x8000000000000000338731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0b8b336c7eb9302021-12-21 10:23:29.444root 11241100x8000000000000000338732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242f571d128628262021-12-21 10:23:29.444root 11241100x8000000000000000338733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35ffca0a23e9d8d2021-12-21 10:23:29.444root 11241100x8000000000000000338734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ce9179f89967522021-12-21 10:23:29.444root 11241100x8000000000000000338735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b44c0762e41b1c32021-12-21 10:23:29.444root 11241100x8000000000000000338736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57339b1417985bd62021-12-21 10:23:29.444root 11241100x8000000000000000338737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f06dd603f38d8b2021-12-21 10:23:29.444root 11241100x8000000000000000338738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec68cb23734ad9b42021-12-21 10:23:29.444root 11241100x8000000000000000338739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778fe8c707084cd42021-12-21 10:23:29.444root 11241100x8000000000000000338740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35f2c14f4913d432021-12-21 10:23:29.444root 11241100x8000000000000000338741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6460b889ff64af62021-12-21 10:23:29.444root 11241100x8000000000000000338742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5396fb22b7c173f22021-12-21 10:23:29.444root 11241100x8000000000000000338743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c32faa460ea23562021-12-21 10:23:29.445root 11241100x8000000000000000338744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f4c955e097d6342021-12-21 10:23:29.445root 11241100x8000000000000000338745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0c98daf793e0cd2021-12-21 10:23:29.445root 11241100x8000000000000000338746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51838e1a314042bb2021-12-21 10:23:29.445root 11241100x8000000000000000338747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47d0e3e06980e5e2021-12-21 10:23:29.445root 11241100x8000000000000000338748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42abea17392db6782021-12-21 10:23:29.446root 11241100x8000000000000000338749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85548c4d48b908642021-12-21 10:23:29.446root 11241100x8000000000000000338750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f0820bbfca18262021-12-21 10:23:29.446root 11241100x8000000000000000338751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ae716488bcf87e2021-12-21 10:23:29.446root 11241100x8000000000000000338752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ab5a8562b881662021-12-21 10:23:29.446root 11241100x8000000000000000338753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39648e606a648a02021-12-21 10:23:29.447root 11241100x8000000000000000338754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22f89e6bf0f464b2021-12-21 10:23:29.447root 11241100x8000000000000000338755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431161d2b9b497812021-12-21 10:23:29.447root 11241100x8000000000000000338756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1715af1c76016ed12021-12-21 10:23:29.447root 11241100x8000000000000000338757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e91d01fa4138722021-12-21 10:23:29.447root 11241100x8000000000000000338758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14c5b05044694ed2021-12-21 10:23:29.447root 11241100x8000000000000000338759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b711457650270b2021-12-21 10:23:29.447root 11241100x8000000000000000338760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60a959e4ca437132021-12-21 10:23:29.447root 11241100x8000000000000000338761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9d19942025ea9b2021-12-21 10:23:29.448root 11241100x8000000000000000338762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427650527d91ab482021-12-21 10:23:29.942root 11241100x8000000000000000338763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae2ce3a1ccbb91f2021-12-21 10:23:29.943root 11241100x8000000000000000338764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22060442f5ceaf1f2021-12-21 10:23:29.943root 11241100x8000000000000000338765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c5940c224fc07a2021-12-21 10:23:29.944root 11241100x8000000000000000338766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4395233f5f86b6a72021-12-21 10:23:29.944root 11241100x8000000000000000338767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e655691d32e23ee82021-12-21 10:23:29.944root 11241100x8000000000000000338768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63ff70402ee18412021-12-21 10:23:29.944root 11241100x8000000000000000338769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa9238b8bfa6e232021-12-21 10:23:29.944root 11241100x8000000000000000338770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d751a95a6d5520242021-12-21 10:23:29.944root 11241100x8000000000000000338771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c442702722ea4d7f2021-12-21 10:23:29.945root 11241100x8000000000000000338772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe89721a5622be2d2021-12-21 10:23:29.945root 11241100x8000000000000000338773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e56afb8f3be66892021-12-21 10:23:29.945root 11241100x8000000000000000338774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4387d03fb85a5d6b2021-12-21 10:23:29.945root 11241100x8000000000000000338775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57134106c74d46562021-12-21 10:23:29.945root 11241100x8000000000000000338776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397dbfcf6551e1572021-12-21 10:23:29.945root 11241100x8000000000000000338777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7221dbb9094e3d2021-12-21 10:23:29.945root 11241100x8000000000000000338778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60caa3d6cfbad092021-12-21 10:23:29.945root 11241100x8000000000000000338779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6828a154e996d832021-12-21 10:23:29.945root 11241100x8000000000000000338780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f553a0b1e079de262021-12-21 10:23:29.946root 11241100x8000000000000000338781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e875f58f21177d2021-12-21 10:23:29.946root 11241100x8000000000000000338782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6850203fe4c689522021-12-21 10:23:29.946root 11241100x8000000000000000338783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb873a161fc287d2021-12-21 10:23:29.946root 11241100x8000000000000000338784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07ff9f559eb9d732021-12-21 10:23:29.946root 11241100x8000000000000000338785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21ec36b80b76ad52021-12-21 10:23:29.946root 11241100x8000000000000000338786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b555572ece7548f2021-12-21 10:23:29.946root 11241100x8000000000000000338787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc48ad7e0310b25a2021-12-21 10:23:29.946root 11241100x8000000000000000338788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8146a0ce3f2f752c2021-12-21 10:23:29.946root 11241100x8000000000000000338789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a6cc649699ebbd2021-12-21 10:23:29.946root 11241100x8000000000000000338790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe750cc6691bb102021-12-21 10:23:29.947root 11241100x8000000000000000338791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d27a48c8ab4c99a2021-12-21 10:23:29.947root 11241100x8000000000000000338792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549f7e66794141a92021-12-21 10:23:29.947root 11241100x8000000000000000338793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f7e26163b2f68f2021-12-21 10:23:29.947root 11241100x8000000000000000338794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597744f341a8cf3a2021-12-21 10:23:29.947root 11241100x8000000000000000338795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45a6fedda4677862021-12-21 10:23:29.947root 11241100x8000000000000000338796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ef68793b3437c32021-12-21 10:23:29.947root 11241100x8000000000000000338797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4249ab7943bc5c2c2021-12-21 10:23:30.443root 11241100x8000000000000000338798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc22755145b688eb2021-12-21 10:23:30.443root 11241100x8000000000000000338799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4872fa494cc8547c2021-12-21 10:23:30.443root 11241100x8000000000000000338800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c585670a69d347092021-12-21 10:23:30.443root 11241100x8000000000000000338801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3702d8c1696dcde12021-12-21 10:23:30.443root 11241100x8000000000000000338802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07903aeff734b1312021-12-21 10:23:30.443root 11241100x8000000000000000338803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd1085b174a73852021-12-21 10:23:30.443root 11241100x8000000000000000338804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5305bf15bda4cd02021-12-21 10:23:30.443root 11241100x8000000000000000338805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18d9247c8256ca62021-12-21 10:23:30.443root 11241100x8000000000000000338806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74a55062dcf50712021-12-21 10:23:30.444root 11241100x8000000000000000338807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4d5152c6d87e3a2021-12-21 10:23:30.444root 11241100x8000000000000000338808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d3c5df07b966cc2021-12-21 10:23:30.444root 11241100x8000000000000000338809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102f2140c00a6f6c2021-12-21 10:23:30.444root 11241100x8000000000000000338810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892fd11ef7bb93002021-12-21 10:23:30.444root 11241100x8000000000000000338811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61796f41ca25a4fc2021-12-21 10:23:30.444root 11241100x8000000000000000338812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87305ade793c76a02021-12-21 10:23:30.444root 11241100x8000000000000000338813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc79e479ff04b762021-12-21 10:23:30.444root 11241100x8000000000000000338814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c0b71f173850a72021-12-21 10:23:30.444root 11241100x8000000000000000338815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc234320f38af512021-12-21 10:23:30.444root 11241100x8000000000000000338816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957f035233069a292021-12-21 10:23:30.445root 11241100x8000000000000000338817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a2556d538040142021-12-21 10:23:30.445root 11241100x8000000000000000338818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8031835a2f57ba732021-12-21 10:23:30.445root 11241100x8000000000000000338819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da698c29d2dfc44e2021-12-21 10:23:30.445root 11241100x8000000000000000338820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6519744757c76ed52021-12-21 10:23:30.445root 11241100x8000000000000000338821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e0909555b983a42021-12-21 10:23:30.445root 11241100x8000000000000000338822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.