11241100x80000000000000007210795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:15.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f07d44a96892bd2021-12-23 11:51:15.192root 11241100x80000000000000007210796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:15.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bd1e52cdcd1c862021-12-23 11:51:15.692root 11241100x80000000000000007210797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:16.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a331e82eb864e1072021-12-23 11:51:16.192root 11241100x80000000000000007210798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:16.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e468305ac018ba252021-12-23 11:51:16.692root 354300x80000000000000007210799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:17.011{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33752-false10.0.1.12-8000- 11241100x80000000000000007210800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:17.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11f914ad92738682021-12-23 11:51:17.012root 11241100x80000000000000007210801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:17.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2012092ccab34be2021-12-23 11:51:17.442root 11241100x80000000000000007210802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe27e6b484e5e5282021-12-23 11:51:17.443root 11241100x80000000000000007210803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:17.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a535e7e023506b662021-12-23 11:51:17.942root 11241100x80000000000000007210804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ee1381e2fe16ad2021-12-23 11:51:17.943root 11241100x80000000000000007210805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:18.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae19adebc7a770d02021-12-23 11:51:18.442root 11241100x80000000000000007210806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6260e79ad0e8ad0e2021-12-23 11:51:18.443root 11241100x80000000000000007210807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:18.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c062c5b3c1336fc52021-12-23 11:51:18.942root 11241100x80000000000000007210808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:18.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ede8fbe55d49722021-12-23 11:51:18.942root 11241100x80000000000000007210809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:19.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d0d6292d0933092021-12-23 11:51:19.442root 11241100x80000000000000007210810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:19.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36c5082df2fce8d2021-12-23 11:51:19.442root 11241100x80000000000000007210811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:19.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f60ee5dee0f5ca2021-12-23 11:51:19.942root 11241100x80000000000000007210812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:19.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3499353bbe02002021-12-23 11:51:19.942root 11241100x80000000000000007210813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:20.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42686e7ce01f48812021-12-23 11:51:20.442root 11241100x80000000000000007210814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:20.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc692a9cce2e03002021-12-23 11:51:20.442root 11241100x80000000000000007210815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c579f46058a26da82021-12-23 11:51:20.943root 11241100x80000000000000007210816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8362d1a4c11d989e2021-12-23 11:51:20.943root 11241100x80000000000000007210817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:21.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9723cda8dd2137842021-12-23 11:51:21.442root 11241100x80000000000000007210818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:21.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f25bc8374051092021-12-23 11:51:21.442root 11241100x80000000000000007210819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:21.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca4d9d761feb2b12021-12-23 11:51:21.942root 11241100x80000000000000007210820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a4395e9e696fd12021-12-23 11:51:21.943root 354300x80000000000000007210821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:22.134{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33754-false10.0.1.12-8000- 11241100x80000000000000007210822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:22.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c800c7dbcbebada42021-12-23 11:51:22.442root 11241100x80000000000000007210823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad0b48ec9b6147c2021-12-23 11:51:22.443root 11241100x80000000000000007210824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05951485449d2da92021-12-23 11:51:22.443root 11241100x80000000000000007210825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:22.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6a5b17e8c889f92021-12-23 11:51:22.942root 11241100x80000000000000007210826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a10d4dccced900f2021-12-23 11:51:22.943root 11241100x80000000000000007210827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e473b2b3c21615a72021-12-23 11:51:22.943root 11241100x80000000000000007210828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:23.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4b01921e5181502021-12-23 11:51:23.442root 11241100x80000000000000007210829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c392a6153ee9672021-12-23 11:51:23.443root 11241100x80000000000000007210830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc555724bc6c63572021-12-23 11:51:23.443root 11241100x80000000000000007210831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:23.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f97a28d4891d422021-12-23 11:51:23.942root 11241100x80000000000000007210832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c6d91df3e31c952021-12-23 11:51:23.943root 11241100x80000000000000007210833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee45e6a31793fc12021-12-23 11:51:23.943root 11241100x80000000000000007210834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:24.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84976ee2459550bf2021-12-23 11:51:24.442root 11241100x80000000000000007210835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a29abcc703657b2021-12-23 11:51:24.443root 11241100x80000000000000007210836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a95c94b228dc232021-12-23 11:51:24.443root 11241100x80000000000000007210837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:24.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1473a10809c1f2402021-12-23 11:51:24.942root 11241100x80000000000000007210838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1aa818ddcb2ef32021-12-23 11:51:24.943root 11241100x80000000000000007210839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a402bbb95c7b1d02021-12-23 11:51:24.943root 11241100x80000000000000007210840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:25.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7654fb6632a01b982021-12-23 11:51:25.442root 11241100x80000000000000007210841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb27a77e4afa2af62021-12-23 11:51:25.443root 11241100x80000000000000007210842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887442bd5f6330f12021-12-23 11:51:25.443root 11241100x80000000000000007210843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:25.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e412bae2935dd772021-12-23 11:51:25.942root 11241100x80000000000000007210844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a30f6ae8a71c142021-12-23 11:51:25.943root 11241100x80000000000000007210845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6145f39ea5cf61fe2021-12-23 11:51:25.943root 11241100x80000000000000007210846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:26.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e0fd77448f85422021-12-23 11:51:26.442root 11241100x80000000000000007210847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f6c66b41a3e0392021-12-23 11:51:26.443root 11241100x80000000000000007210848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc88de16748727d2021-12-23 11:51:26.443root 11241100x80000000000000007210849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:26.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fa98cf93c1ee042021-12-23 11:51:26.942root 11241100x80000000000000007210850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7c18a7894aea2b2021-12-23 11:51:26.943root 11241100x80000000000000007210851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed151eab20407362021-12-23 11:51:26.943root 354300x80000000000000007210852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.207{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33756-false10.0.1.12-8000- 11241100x80000000000000007210853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eacc7a96be05dd62021-12-23 11:51:27.208root 11241100x80000000000000007210854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfa2040633fa5df2021-12-23 11:51:27.208root 11241100x80000000000000007210855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d8fb8676140e852021-12-23 11:51:27.208root 11241100x80000000000000007210856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fb42c1cfc081852021-12-23 11:51:27.208root 11241100x80000000000000007210857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df2622fe930294c2021-12-23 11:51:27.692root 11241100x80000000000000007210858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dc778ece799d3d2021-12-23 11:51:27.693root 11241100x80000000000000007210859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3912f596073e648d2021-12-23 11:51:27.693root 11241100x80000000000000007210860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d89e5c953178a32021-12-23 11:51:27.693root 11241100x80000000000000007210861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:28.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e64337cdf1e38232021-12-23 11:51:28.192root 11241100x80000000000000007210862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b53ae994f7446a2021-12-23 11:51:28.193root 11241100x80000000000000007210863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b870ea40668c51d2021-12-23 11:51:28.193root 11241100x80000000000000007210864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c3920bf726e6582021-12-23 11:51:28.193root 11241100x80000000000000007210865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:28.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb577273416a68e62021-12-23 11:51:28.692root 11241100x80000000000000007210866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ede73e62a335992021-12-23 11:51:28.693root 11241100x80000000000000007210867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a528ba9d3b440e2021-12-23 11:51:28.693root 11241100x80000000000000007210868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34961fb063b8377f2021-12-23 11:51:28.693root 11241100x80000000000000007210869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26a523b96742f692021-12-23 11:51:29.193root 11241100x80000000000000007210870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24d831b97af23322021-12-23 11:51:29.193root 11241100x80000000000000007210871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61df2f1f4a2e997d2021-12-23 11:51:29.193root 11241100x80000000000000007210872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b2b90094f5749d2021-12-23 11:51:29.193root 11241100x80000000000000007210873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:29.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e750cc64b309e4c42021-12-23 11:51:29.692root 11241100x80000000000000007210874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8accebc8f37f8f2021-12-23 11:51:29.693root 11241100x80000000000000007210875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511f5b9c7442b2662021-12-23 11:51:29.693root 11241100x80000000000000007210876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09c0fe957eec24f2021-12-23 11:51:29.693root 11241100x80000000000000007210877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-23 11:51:30.142root 11241100x80000000000000007210878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532406f65b7e24382021-12-23 11:51:30.143root 11241100x80000000000000007210879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada6ac0d41d66b072021-12-23 11:51:30.143root 11241100x80000000000000007210880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b296928b714ee02021-12-23 11:51:30.143root 11241100x80000000000000007210881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bd4461938d3eb02021-12-23 11:51:30.144root 11241100x80000000000000007210882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f9b049dd5370652021-12-23 11:51:30.144root 11241100x80000000000000007210883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c076df60508c170d2021-12-23 11:51:30.443root 11241100x80000000000000007210884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9352f73f134bfc432021-12-23 11:51:30.443root 11241100x80000000000000007210885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ebf76f835699312021-12-23 11:51:30.443root 11241100x80000000000000007210886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86b3b3308d6e3c52021-12-23 11:51:30.443root 11241100x80000000000000007210887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c38a09fb3bc62b2021-12-23 11:51:30.443root 11241100x80000000000000007210888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb33c90157001d8b2021-12-23 11:51:30.942root 11241100x80000000000000007210889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0089efdbffcaebf2021-12-23 11:51:30.943root 11241100x80000000000000007210890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac0b4acee24004a2021-12-23 11:51:30.943root 11241100x80000000000000007210891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58261cd02c5486552021-12-23 11:51:30.943root 11241100x80000000000000007210892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584542aa66fa05b62021-12-23 11:51:30.943root 154100x80000000000000007210893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.060{ec2b6afe-62c3-61c4-68c4-da44e5550000}5072/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x80000000000000007210894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.071{ec2b6afe-62c3-61c4-68c4-da44e5550000}5072/bin/psroot 11241100x80000000000000007210895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf4c05b927e24792021-12-23 11:51:31.443root 11241100x80000000000000007210896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b762b4e2ba39ca3b2021-12-23 11:51:31.443root 11241100x80000000000000007210897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ef631a3c81839b2021-12-23 11:51:31.443root 11241100x80000000000000007210898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77feb2a05e6213d2021-12-23 11:51:31.443root 11241100x80000000000000007210899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370547b80927e1832021-12-23 11:51:31.443root 11241100x80000000000000007210900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a7e06d7de0f49b2021-12-23 11:51:31.443root 11241100x80000000000000007210901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5591cd8ae35b0af42021-12-23 11:51:31.443root 11241100x80000000000000007210902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa9fd0455de96e82021-12-23 11:51:31.943root 11241100x80000000000000007210903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1df3865976656282021-12-23 11:51:31.943root 11241100x80000000000000007210904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eeadc1bebc7ef372021-12-23 11:51:31.943root 11241100x80000000000000007210905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5849f976f7727a2021-12-23 11:51:31.943root 11241100x80000000000000007210906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c887755abf09a3d32021-12-23 11:51:31.943root 11241100x80000000000000007210907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f4afc1e6493c402021-12-23 11:51:31.943root 11241100x80000000000000007210908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fb145b9511a3f42021-12-23 11:51:31.943root 11241100x80000000000000007210909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada2a905b88def512021-12-23 11:51:32.443root 11241100x80000000000000007210910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6318d7b4f1b70a092021-12-23 11:51:32.443root 11241100x80000000000000007210911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b048e59b09cb3a2021-12-23 11:51:32.443root 11241100x80000000000000007210912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec69a365640df442021-12-23 11:51:32.443root 11241100x80000000000000007210913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd501fd9c0c574a2021-12-23 11:51:32.443root 11241100x80000000000000007210914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c57f89ea02af3b2021-12-23 11:51:32.443root 11241100x80000000000000007210915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4818b0e76404faba2021-12-23 11:51:32.443root 11241100x80000000000000007210916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6932581a43d13dc2021-12-23 11:51:32.943root 11241100x80000000000000007210917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695faaec1eb3ee102021-12-23 11:51:32.943root 11241100x80000000000000007210918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e60d3b3f4db7302021-12-23 11:51:32.943root 11241100x80000000000000007210919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddd11caf9d738532021-12-23 11:51:32.943root 11241100x80000000000000007210920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc96ae45515a18c22021-12-23 11:51:32.943root 11241100x80000000000000007210921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7cacf42dcfc43f2021-12-23 11:51:32.943root 11241100x80000000000000007210922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82715b6c4c6e2912021-12-23 11:51:32.943root 23542300x80000000000000007210923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000007210924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.161{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33758-false10.0.1.12-8000- 11241100x80000000000000007210925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b9c650b99022a12021-12-23 11:51:33.443root 11241100x80000000000000007210926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93da47e8b96df28b2021-12-23 11:51:33.443root 11241100x80000000000000007210927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097eeeeda6ddd7722021-12-23 11:51:33.443root 11241100x80000000000000007210928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e0d2b50086af112021-12-23 11:51:33.443root 11241100x80000000000000007210929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3615cb8c7765979a2021-12-23 11:51:33.443root 11241100x80000000000000007210930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c493ab51e265bd02021-12-23 11:51:33.443root 11241100x80000000000000007210931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1706b9944340022021-12-23 11:51:33.443root 11241100x80000000000000007210932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f2e705e58fe2592021-12-23 11:51:33.443root 11241100x80000000000000007210933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cdef7acfb4e6f62021-12-23 11:51:33.443root 11241100x80000000000000007210934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72d2c7c626112962021-12-23 11:51:33.943root 11241100x80000000000000007210935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a145ec473d563b2021-12-23 11:51:33.943root 11241100x80000000000000007210936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d5a5aa07ce12c72021-12-23 11:51:33.943root 11241100x80000000000000007210937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dad2d1cc0c35d82021-12-23 11:51:33.943root 11241100x80000000000000007210938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153ba432588ac4b82021-12-23 11:51:33.943root 11241100x80000000000000007210939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7e5b5c6ec24c8f2021-12-23 11:51:33.943root 11241100x80000000000000007210940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfa98bb44e066312021-12-23 11:51:33.943root 11241100x80000000000000007210941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68248ac53e87cd6e2021-12-23 11:51:33.943root 11241100x80000000000000007210942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153fabfafdcf72b92021-12-23 11:51:33.943root 11241100x80000000000000007210943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e004f65e70a1e192021-12-23 11:51:34.443root 11241100x80000000000000007210944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c239687112aa752c2021-12-23 11:51:34.443root 11241100x80000000000000007210945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17612ffe36bfe7b32021-12-23 11:51:34.443root 11241100x80000000000000007210946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70564d56403f0f912021-12-23 11:51:34.443root 11241100x80000000000000007210947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c58a0735e7442582021-12-23 11:51:34.443root 11241100x80000000000000007210948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08169be614102d082021-12-23 11:51:34.443root 11241100x80000000000000007210949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9b2a54b67f2e1a2021-12-23 11:51:34.443root 11241100x80000000000000007210950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a7fab484e411a52021-12-23 11:51:34.444root 11241100x80000000000000007210951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7c49ad7ee852692021-12-23 11:51:34.444root 11241100x80000000000000007210952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24495a19c4c1994b2021-12-23 11:51:34.943root 11241100x80000000000000007210953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43543db68da201d82021-12-23 11:51:34.943root 11241100x80000000000000007210954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6222921fe8bb2fb92021-12-23 11:51:34.943root 11241100x80000000000000007210955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dd3e09c2e785062021-12-23 11:51:34.943root 11241100x80000000000000007210956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a300efbd4b0c222021-12-23 11:51:34.943root 11241100x80000000000000007210957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5260e452659b1962021-12-23 11:51:34.943root 11241100x80000000000000007210958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafb4b8421e718772021-12-23 11:51:34.943root 11241100x80000000000000007210959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadfdc1a600910092021-12-23 11:51:34.944root 11241100x80000000000000007210960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbbc4ea37a4134d2021-12-23 11:51:34.944root 11241100x80000000000000007210961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f66e6689c457662021-12-23 11:51:35.443root 11241100x80000000000000007210962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7124fc30267d6f3b2021-12-23 11:51:35.443root 11241100x80000000000000007210963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc1d2006a9939cd2021-12-23 11:51:35.443root 11241100x80000000000000007210964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ee2f5ca1099d842021-12-23 11:51:35.443root 11241100x80000000000000007210965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21169e60092925512021-12-23 11:51:35.443root 11241100x80000000000000007210966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4097146141ec1e512021-12-23 11:51:35.443root 11241100x80000000000000007210967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60cb9fe8519b3ab2021-12-23 11:51:35.443root 11241100x80000000000000007210968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50226cce0e57ac662021-12-23 11:51:35.444root 11241100x80000000000000007210969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920d1fe41a67f55b2021-12-23 11:51:35.444root 11241100x80000000000000007210970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78baad84d4164432021-12-23 11:51:35.943root 11241100x80000000000000007210971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4698f9e66a4262c62021-12-23 11:51:35.943root 11241100x80000000000000007210972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58f02c385059e722021-12-23 11:51:35.943root 11241100x80000000000000007210973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f36705afa14d9042021-12-23 11:51:35.943root 11241100x80000000000000007210974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6087df2e48f9522021-12-23 11:51:35.943root 11241100x80000000000000007210975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a9f46e7fac462d2021-12-23 11:51:35.943root 11241100x80000000000000007210976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa50744407ec405e2021-12-23 11:51:35.943root 11241100x80000000000000007210977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac9a88ce647f9342021-12-23 11:51:35.943root 11241100x80000000000000007210978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080a756dfd52ab332021-12-23 11:51:35.943root 11241100x80000000000000007210979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462f49644b33aee62021-12-23 11:51:36.443root 11241100x80000000000000007210980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8956715019b692f2021-12-23 11:51:36.443root 11241100x80000000000000007210981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc10755bf2417a12021-12-23 11:51:36.443root 11241100x80000000000000007210982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35779397c25878d2021-12-23 11:51:36.443root 11241100x80000000000000007210983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c6c64aa9528e412021-12-23 11:51:36.443root 11241100x80000000000000007210984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a012a28c93cd3f2021-12-23 11:51:36.443root 11241100x80000000000000007210985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d9475b4fcba0ec2021-12-23 11:51:36.443root 11241100x80000000000000007210986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14b1c3523d237622021-12-23 11:51:36.444root 11241100x80000000000000007210987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baabae8bb6438fdb2021-12-23 11:51:36.444root 11241100x80000000000000007210988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94cd0c1b532f9472021-12-23 11:51:36.943root 11241100x80000000000000007210989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f23573d6eca4a6e2021-12-23 11:51:36.943root 11241100x80000000000000007210990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded579360fda2d842021-12-23 11:51:36.943root 11241100x80000000000000007210991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0a59cc990d9ac82021-12-23 11:51:36.943root 11241100x80000000000000007210992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f5aafa3038d8b82021-12-23 11:51:36.943root 11241100x80000000000000007210993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001df78b93a7ada02021-12-23 11:51:36.943root 11241100x80000000000000007210994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767bae1359b807dc2021-12-23 11:51:36.943root 11241100x80000000000000007210995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f63ac781622a732021-12-23 11:51:36.944root 11241100x80000000000000007210996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175365a802680d912021-12-23 11:51:36.944root 11241100x80000000000000007210997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968dc2f03043d6332021-12-23 11:51:37.443root 11241100x80000000000000007210998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b1a880a80ada352021-12-23 11:51:37.443root 11241100x80000000000000007210999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2007601d79d7c3f62021-12-23 11:51:37.443root 11241100x80000000000000007211000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6988a1070d1b60372021-12-23 11:51:37.443root 11241100x80000000000000007211001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29109523f0ffcd5b2021-12-23 11:51:37.443root 11241100x80000000000000007211002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e235a4134765b582021-12-23 11:51:37.443root 11241100x80000000000000007211003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140121913cec8d4d2021-12-23 11:51:37.443root 11241100x80000000000000007211004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2ebf7cf633eccd2021-12-23 11:51:37.444root 11241100x80000000000000007211005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b0cc8d538b0f992021-12-23 11:51:37.444root 11241100x80000000000000007211006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5109dac0a7fd6b222021-12-23 11:51:37.943root 11241100x80000000000000007211007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b7d11d612f2da02021-12-23 11:51:37.943root 11241100x80000000000000007211008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5335b78d639284d62021-12-23 11:51:37.943root 11241100x80000000000000007211009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5123320e9940bd32021-12-23 11:51:37.943root 11241100x80000000000000007211010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768880d4663d57642021-12-23 11:51:37.943root 11241100x80000000000000007211011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2eefb626feef9b92021-12-23 11:51:37.943root 11241100x80000000000000007211012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882725d438ba2a872021-12-23 11:51:37.943root 11241100x80000000000000007211013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034b6af41157a8f42021-12-23 11:51:37.943root 11241100x80000000000000007211014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fbff228b9a2f1b2021-12-23 11:51:37.944root 11241100x80000000000000007211015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b169ff928f19cd2021-12-23 11:51:38.443root 11241100x80000000000000007211016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd06fe0df8499bfe2021-12-23 11:51:38.443root 11241100x80000000000000007211017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2796b1f9efc5f712021-12-23 11:51:38.443root 11241100x80000000000000007211018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fff35d36d243772021-12-23 11:51:38.443root 11241100x80000000000000007211019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d5d42a265c95722021-12-23 11:51:38.443root 11241100x80000000000000007211020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa93343a9b4e05012021-12-23 11:51:38.443root 11241100x80000000000000007211021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0a975076e3e7182021-12-23 11:51:38.444root 11241100x80000000000000007211022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7655271b5ee5972021-12-23 11:51:38.444root 11241100x80000000000000007211023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652ad2ec33001bb92021-12-23 11:51:38.444root 11241100x80000000000000007211024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1725f8993a284a2021-12-23 11:51:38.943root 11241100x80000000000000007211025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5617ed20dd1ace6e2021-12-23 11:51:38.943root 11241100x80000000000000007211026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96218414812fc3572021-12-23 11:51:38.944root 11241100x80000000000000007211027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dbee488fd8c9ad2021-12-23 11:51:38.944root 11241100x80000000000000007211028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d32c92ac2b183d72021-12-23 11:51:38.945root 11241100x80000000000000007211029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e089ca98a5ca89762021-12-23 11:51:38.945root 11241100x80000000000000007211030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd5588336e0c5032021-12-23 11:51:38.945root 11241100x80000000000000007211031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b630c45a812d1a2021-12-23 11:51:38.945root 11241100x80000000000000007211032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbaad79dc33e2102021-12-23 11:51:38.945root 354300x80000000000000007211033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.094{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33760-false10.0.1.12-8000- 11241100x80000000000000007211034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa4c25e81da4c7e2021-12-23 11:51:39.443root 11241100x80000000000000007211035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d7f9f2d6b530e42021-12-23 11:51:39.443root 11241100x80000000000000007211036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003557eddb448e262021-12-23 11:51:39.443root 11241100x80000000000000007211037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ddad44ea5dee662021-12-23 11:51:39.443root 11241100x80000000000000007211038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135ede6861e1dfba2021-12-23 11:51:39.443root 11241100x80000000000000007211039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ecd75b65abae312021-12-23 11:51:39.443root 11241100x80000000000000007211040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dfab92d962e1c12021-12-23 11:51:39.443root 11241100x80000000000000007211041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b86477fcf062f962021-12-23 11:51:39.443root 11241100x80000000000000007211042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fe9e55b26744602021-12-23 11:51:39.444root 11241100x80000000000000007211043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7e702d615601822021-12-23 11:51:39.444root 11241100x80000000000000007211044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25adda7e49bf43782021-12-23 11:51:39.943root 11241100x80000000000000007211045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cbf027e398f3572021-12-23 11:51:39.943root 11241100x80000000000000007211046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a6815a22d8e8382021-12-23 11:51:39.943root 11241100x80000000000000007211047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b790161625399942021-12-23 11:51:39.943root 11241100x80000000000000007211048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d02f81c22119da82021-12-23 11:51:39.943root 11241100x80000000000000007211049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61fd03127863b792021-12-23 11:51:39.943root 11241100x80000000000000007211050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb3cd6ffa9942e82021-12-23 11:51:39.943root 11241100x80000000000000007211051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56116cc85d15b3202021-12-23 11:51:39.943root 11241100x80000000000000007211052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db623ef41a689f92021-12-23 11:51:39.944root 11241100x80000000000000007211053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974d103467d4434e2021-12-23 11:51:39.944root 11241100x80000000000000007211054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bc12f8d14a7c812021-12-23 11:51:40.443root 11241100x80000000000000007211055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0401dc05669bef172021-12-23 11:51:40.443root 11241100x80000000000000007211056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dd53079dc442c42021-12-23 11:51:40.443root 11241100x80000000000000007211057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef3315834ef05a42021-12-23 11:51:40.443root 11241100x80000000000000007211058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a7bbc481de0e5b2021-12-23 11:51:40.443root 11241100x80000000000000007211059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8813e47aff42462021-12-23 11:51:40.443root 11241100x80000000000000007211060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb42ce45236d64e2021-12-23 11:51:40.444root 11241100x80000000000000007211061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b12da3dfa9cbaf2021-12-23 11:51:40.444root 11241100x80000000000000007211062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a7580c9e1a1e3a2021-12-23 11:51:40.444root 11241100x80000000000000007211063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10206590495bff22021-12-23 11:51:40.444root 11241100x80000000000000007211064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9e2be3e688c4e62021-12-23 11:51:40.943root 11241100x80000000000000007211065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c198989b70b3d92021-12-23 11:51:40.943root 11241100x80000000000000007211066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e551a75ff1f926b42021-12-23 11:51:40.944root 11241100x80000000000000007211067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2099f2f1d897528d2021-12-23 11:51:40.944root 11241100x80000000000000007211068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fe8f35614823002021-12-23 11:51:40.944root 11241100x80000000000000007211069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2931c78063bfb9322021-12-23 11:51:40.944root 11241100x80000000000000007211070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ba8e8a75a8710f2021-12-23 11:51:40.944root 11241100x80000000000000007211071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e039a9b17c73734d2021-12-23 11:51:40.944root 11241100x80000000000000007211072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42198592206361242021-12-23 11:51:40.944root 11241100x80000000000000007211073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55362d15d57aecef2021-12-23 11:51:40.944root 11241100x80000000000000007211074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4ba2279c5253fe2021-12-23 11:51:41.443root 11241100x80000000000000007211075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01f1a0c3053be082021-12-23 11:51:41.443root 11241100x80000000000000007211076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd72082516cc7f4c2021-12-23 11:51:41.443root 11241100x80000000000000007211077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4745f6f883a7a42021-12-23 11:51:41.443root 11241100x80000000000000007211078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f307ef37147d50f42021-12-23 11:51:41.443root 11241100x80000000000000007211079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14ece40c08c17052021-12-23 11:51:41.443root 11241100x80000000000000007211080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da24f53d97c014292021-12-23 11:51:41.443root 11241100x80000000000000007211081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0baaa4a8ba0d9d6e2021-12-23 11:51:41.443root 11241100x80000000000000007211082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a8500b970e8e3f2021-12-23 11:51:41.444root 11241100x80000000000000007211083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52258e227a978ef82021-12-23 11:51:41.444root 11241100x80000000000000007211084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da729c83e428e4dd2021-12-23 11:51:41.943root 11241100x80000000000000007211085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc287f876d2417692021-12-23 11:51:41.943root 11241100x80000000000000007211086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a3e0f7d7753ab72021-12-23 11:51:41.943root 11241100x80000000000000007211087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f84eac6fd303b1c2021-12-23 11:51:41.943root 11241100x80000000000000007211088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e0e8928b1a769b2021-12-23 11:51:41.943root 11241100x80000000000000007211089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a11015bc191cc0b2021-12-23 11:51:41.943root 11241100x80000000000000007211090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8b6b62056a87692021-12-23 11:51:41.943root 11241100x80000000000000007211091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1de6648d3089822021-12-23 11:51:41.943root 11241100x80000000000000007211092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2ce2ee20d9fb652021-12-23 11:51:41.943root 11241100x80000000000000007211093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efbb36bd784ddb62021-12-23 11:51:41.943root 354300x80000000000000007211094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.996{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-49058-false10.0.1.12-8089- 11241100x80000000000000007211095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0fce854c5669542021-12-23 11:51:42.443root 11241100x80000000000000007211096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4645195bc86bd5af2021-12-23 11:51:42.443root 11241100x80000000000000007211097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c2f2122766ccf52021-12-23 11:51:42.443root 11241100x80000000000000007211098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95164b918e6a6b002021-12-23 11:51:42.443root 11241100x80000000000000007211099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5fca96fb4a52132021-12-23 11:51:42.443root 11241100x80000000000000007211100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3dd405084d4a212021-12-23 11:51:42.443root 11241100x80000000000000007211101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc800ebbe5a181eb2021-12-23 11:51:42.443root 11241100x80000000000000007211102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaca093d609c4dcc2021-12-23 11:51:42.444root 11241100x80000000000000007211103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e493a8ff37f476512021-12-23 11:51:42.444root 11241100x80000000000000007211104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4302dbea55633d52021-12-23 11:51:42.444root 11241100x80000000000000007211105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99aa3295e928f2dc2021-12-23 11:51:42.444root 11241100x80000000000000007211106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0557ed0a6d2d3862021-12-23 11:51:42.943root 11241100x80000000000000007211107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f9c4e292ea9e642021-12-23 11:51:42.943root 11241100x80000000000000007211108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e250adfc64e4cccb2021-12-23 11:51:42.943root 11241100x80000000000000007211109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6c7fc1562af8682021-12-23 11:51:42.943root 11241100x80000000000000007211110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1ed329fa10e9a82021-12-23 11:51:42.943root 11241100x80000000000000007211111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b52fd5c6e3e397d2021-12-23 11:51:42.943root 11241100x80000000000000007211112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b879ad5cea302fd2021-12-23 11:51:42.943root 11241100x80000000000000007211113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede41e59222eec712021-12-23 11:51:42.944root 11241100x80000000000000007211114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaff328299cae712021-12-23 11:51:42.944root 11241100x80000000000000007211115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b114c77232d2aa0d2021-12-23 11:51:42.944root 11241100x80000000000000007211116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ca1f29fb8a81162021-12-23 11:51:42.944root 11241100x80000000000000007211117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13dcfebaf27deb22021-12-23 11:51:43.443root 11241100x80000000000000007211118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8102ae3c776cbe502021-12-23 11:51:43.443root 11241100x80000000000000007211119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d0a7af3d3234712021-12-23 11:51:43.443root 11241100x80000000000000007211120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecab51ae4d601032021-12-23 11:51:43.443root 11241100x80000000000000007211121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6ba9c2cd84356d2021-12-23 11:51:43.443root 11241100x80000000000000007211122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed8fd83a3ea8d762021-12-23 11:51:43.443root 11241100x80000000000000007211123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdf5b459d7a97112021-12-23 11:51:43.443root 11241100x80000000000000007211124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91fad45ba3b95c62021-12-23 11:51:43.444root 11241100x80000000000000007211125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb868f32d6b0e602021-12-23 11:51:43.444root 11241100x80000000000000007211126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9041dc43c5ad8f2021-12-23 11:51:43.444root 11241100x80000000000000007211127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a05efb1cfc0a2132021-12-23 11:51:43.444root 11241100x80000000000000007211128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb8c00591a2efc02021-12-23 11:51:43.943root 11241100x80000000000000007211129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e29da01de4bbfce2021-12-23 11:51:43.943root 11241100x80000000000000007211130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48652196b9c518f62021-12-23 11:51:43.943root 11241100x80000000000000007211131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01cb05bbcf02b852021-12-23 11:51:43.943root 11241100x80000000000000007211132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32fda2c59d81e272021-12-23 11:51:43.943root 11241100x80000000000000007211133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec8e59715001ee22021-12-23 11:51:43.943root 11241100x80000000000000007211134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff7e392245708952021-12-23 11:51:43.943root 11241100x80000000000000007211135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f084455e245b4a102021-12-23 11:51:43.944root 11241100x80000000000000007211136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeeee76958e145c92021-12-23 11:51:43.944root 11241100x80000000000000007211137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dabc67750c06d392021-12-23 11:51:43.944root 11241100x80000000000000007211138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d9476c39e2f2b82021-12-23 11:51:43.944root 354300x80000000000000007211139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.218{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33764-false10.0.1.12-8000- 11241100x80000000000000007211140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e04482728259d12021-12-23 11:51:44.219root 11241100x80000000000000007211141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9075ec9cbd41d9d32021-12-23 11:51:44.219root 11241100x80000000000000007211142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f21956d476783862021-12-23 11:51:44.219root 11241100x80000000000000007211143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd68f20191849cf2021-12-23 11:51:44.219root 11241100x80000000000000007211144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111d44667368997b2021-12-23 11:51:44.219root 11241100x80000000000000007211145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbb512bcc3406ba2021-12-23 11:51:44.219root 11241100x80000000000000007211146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696aa201983480f12021-12-23 11:51:44.219root 11241100x80000000000000007211147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6934152e62bf1842021-12-23 11:51:44.220root 11241100x80000000000000007211148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def74e5af19d6e852021-12-23 11:51:44.220root 11241100x80000000000000007211149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63846fecbaea378e2021-12-23 11:51:44.220root 11241100x80000000000000007211150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6affaa60b0dfbeb22021-12-23 11:51:44.220root 11241100x80000000000000007211151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabf0bf337662cfb2021-12-23 11:51:44.220root 11241100x80000000000000007211152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70706bbd89aefa5f2021-12-23 11:51:44.220root 11241100x80000000000000007211153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbb162a63b7a3c32021-12-23 11:51:44.220root 11241100x80000000000000007211154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9aa921f11c0bd62021-12-23 11:51:44.220root 11241100x80000000000000007211155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6009f1964b1654a32021-12-23 11:51:44.693root 11241100x80000000000000007211156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc005f93e1f63392021-12-23 11:51:44.693root 11241100x80000000000000007211157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa61a21f8c0aa302021-12-23 11:51:44.693root 11241100x80000000000000007211158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07fcee7b9cd8b1f2021-12-23 11:51:44.693root 11241100x80000000000000007211159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fdb8c01ac316d32021-12-23 11:51:44.693root 11241100x80000000000000007211160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39d2a746accf2c12021-12-23 11:51:44.693root 11241100x80000000000000007211161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb35c30a2ab1df162021-12-23 11:51:44.694root 11241100x80000000000000007211162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd26db768ba84c32021-12-23 11:51:44.694root 11241100x80000000000000007211163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c76cbd24e53b9812021-12-23 11:51:44.694root 11241100x80000000000000007211164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d08660f1fae1b12021-12-23 11:51:44.694root 11241100x80000000000000007211165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88da0121511d83d52021-12-23 11:51:44.694root 11241100x80000000000000007211166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c498b6353f9adb82021-12-23 11:51:44.694root 11241100x80000000000000007211167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1e5c4a62f4b31d2021-12-23 11:51:45.193root 11241100x80000000000000007211168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a740111acaa7e47c2021-12-23 11:51:45.193root 11241100x80000000000000007211169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536d03e14ceca0c22021-12-23 11:51:45.193root 11241100x80000000000000007211170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593023136a05cf632021-12-23 11:51:45.193root 11241100x80000000000000007211171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b214966a1a2432cf2021-12-23 11:51:45.193root 11241100x80000000000000007211172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d344cbcd103fff2021-12-23 11:51:45.193root 11241100x80000000000000007211173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393858ec7ed62ed62021-12-23 11:51:45.193root 11241100x80000000000000007211174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab1424445f6ae022021-12-23 11:51:45.194root 11241100x80000000000000007211175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d366af418b4873d2021-12-23 11:51:45.194root 11241100x80000000000000007211176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de162a6df1615c032021-12-23 11:51:45.194root 11241100x80000000000000007211177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59019ab84506a0392021-12-23 11:51:45.194root 11241100x80000000000000007211178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5460d40cbbca602021-12-23 11:51:45.194root 11241100x80000000000000007211179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b534d8f16febcf2021-12-23 11:51:45.693root 11241100x80000000000000007211180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd95f6ac669abe522021-12-23 11:51:45.693root 11241100x80000000000000007211181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec12d7e950da88d42021-12-23 11:51:45.693root 11241100x80000000000000007211182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2209a81637dbcef02021-12-23 11:51:45.693root 11241100x80000000000000007211183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc536abb3eddeeb2021-12-23 11:51:45.693root 11241100x80000000000000007211184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1896e4be8c37e6e52021-12-23 11:51:45.693root 11241100x80000000000000007211185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfec9a2ed5d12bcb2021-12-23 11:51:45.693root 11241100x80000000000000007211186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d29122b3278a7a2021-12-23 11:51:45.694root 11241100x80000000000000007211187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e98809b94ec4ef2021-12-23 11:51:45.694root 11241100x80000000000000007211188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00a2fced4676c6d2021-12-23 11:51:45.694root 11241100x80000000000000007211189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625bf373f64f139d2021-12-23 11:51:45.694root 11241100x80000000000000007211190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4178d67a725adb5b2021-12-23 11:51:45.694root 11241100x80000000000000007211191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17a89c99fd8f6862021-12-23 11:51:46.193root 11241100x80000000000000007211192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d270c1b29a966f82021-12-23 11:51:46.193root 11241100x80000000000000007211193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6ee7e074de873b2021-12-23 11:51:46.193root 11241100x80000000000000007211194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b669e6706d2702962021-12-23 11:51:46.193root 11241100x80000000000000007211195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330f2112f632a99d2021-12-23 11:51:46.193root 11241100x80000000000000007211196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420ca909743e3fc82021-12-23 11:51:46.193root 11241100x80000000000000007211197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fa69a7ce580fb82021-12-23 11:51:46.193root 11241100x80000000000000007211198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea2a741928835272021-12-23 11:51:46.193root 11241100x80000000000000007211199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c642d0d7a2bf6fa92021-12-23 11:51:46.194root 11241100x80000000000000007211200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e78291e11c8a0072021-12-23 11:51:46.194root 11241100x80000000000000007211201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a99b4795a42a2772021-12-23 11:51:46.194root 11241100x80000000000000007211202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1184bb5af827ec2021-12-23 11:51:46.194root 11241100x80000000000000007211203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0e95a2ce2223be2021-12-23 11:51:46.693root 11241100x80000000000000007211204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003156ed1a09054c2021-12-23 11:51:46.693root 11241100x80000000000000007211205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677090d37e3820fa2021-12-23 11:51:46.693root 11241100x80000000000000007211206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a38f5150b989832021-12-23 11:51:46.693root 11241100x80000000000000007211207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51099f5c6a036892021-12-23 11:51:46.693root 11241100x80000000000000007211208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428e4315269534d62021-12-23 11:51:46.693root 11241100x80000000000000007211209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feab2389d254d0942021-12-23 11:51:46.693root 11241100x80000000000000007211210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20b5dba88ccd5752021-12-23 11:51:46.693root 11241100x80000000000000007211211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7403230008067e2021-12-23 11:51:46.694root 11241100x80000000000000007211212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb68d0c5978ae072021-12-23 11:51:46.694root 11241100x80000000000000007211213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7647bbede6761a9e2021-12-23 11:51:46.694root 11241100x80000000000000007211214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab28847ce5b7cfa02021-12-23 11:51:46.694root 11241100x80000000000000007211215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca87bcf0b8c6c9c82021-12-23 11:51:47.193root 11241100x80000000000000007211216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c274b290e1193902021-12-23 11:51:47.193root 11241100x80000000000000007211217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2036faa2892d00e2021-12-23 11:51:47.193root 11241100x80000000000000007211218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8026bf6d7c452ac92021-12-23 11:51:47.193root 11241100x80000000000000007211219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c999a595a799b10a2021-12-23 11:51:47.194root 11241100x80000000000000007211220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8a6cec7d0031652021-12-23 11:51:47.194root 11241100x80000000000000007211221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd613fe30b2016f2021-12-23 11:51:47.194root 11241100x80000000000000007211222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f572ba498608fd2021-12-23 11:51:47.194root 11241100x80000000000000007211223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5930bd96482765fb2021-12-23 11:51:47.194root 11241100x80000000000000007211224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612d84b276356f452021-12-23 11:51:47.194root 11241100x80000000000000007211225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3954be1d503c0d112021-12-23 11:51:47.194root 11241100x80000000000000007211226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653a0733a6a45c642021-12-23 11:51:47.195root 11241100x80000000000000007211227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408af4fd3f26aade2021-12-23 11:51:47.693root 11241100x80000000000000007211228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37fb1acc216aebf2021-12-23 11:51:47.693root 11241100x80000000000000007211229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6985c6eb6b8016492021-12-23 11:51:47.693root 11241100x80000000000000007211230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c429224dcf810b82021-12-23 11:51:47.693root 11241100x80000000000000007211231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceec32bd3f3ef0052021-12-23 11:51:47.693root 11241100x80000000000000007211232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0035ffc7185fab9a2021-12-23 11:51:47.693root 11241100x80000000000000007211233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83055a62e57b7472021-12-23 11:51:47.693root 11241100x80000000000000007211234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e3a7bc17964d632021-12-23 11:51:47.694root 11241100x80000000000000007211235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd949a383548f6db2021-12-23 11:51:47.694root 11241100x80000000000000007211236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b4a3858279b35e2021-12-23 11:51:47.694root 11241100x80000000000000007211237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9262c410f5d9d892021-12-23 11:51:47.694root 11241100x80000000000000007211238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9414eb6de16de5022021-12-23 11:51:47.694root 11241100x80000000000000007211239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096a1b97439455cd2021-12-23 11:51:48.193root 11241100x80000000000000007211240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb106f29635d2902021-12-23 11:51:48.193root 11241100x80000000000000007211241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8d952174f515592021-12-23 11:51:48.193root 11241100x80000000000000007211242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6ba133d1473bd12021-12-23 11:51:48.193root 11241100x80000000000000007211243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2205d96611d34d2021-12-23 11:51:48.193root 11241100x80000000000000007211244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e90eec08ed04622021-12-23 11:51:48.193root 11241100x80000000000000007211245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7eba9d564b38cd52021-12-23 11:51:48.194root 11241100x80000000000000007211246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ac22222d81f0032021-12-23 11:51:48.194root 11241100x80000000000000007211247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb9129a10ac68da2021-12-23 11:51:48.194root 11241100x80000000000000007211248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e859b65704ec3d2021-12-23 11:51:48.194root 11241100x80000000000000007211249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d471ebb0401edac2021-12-23 11:51:48.194root 11241100x80000000000000007211250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6d816b5e114d2c2021-12-23 11:51:48.194root 11241100x80000000000000007211251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4808e241e254de712021-12-23 11:51:48.693root 11241100x80000000000000007211252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029770ae28d9f8b92021-12-23 11:51:48.694root 11241100x80000000000000007211253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eaf8bdfb9bd6c42021-12-23 11:51:48.694root 11241100x80000000000000007211254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e28b8738084a032021-12-23 11:51:48.694root 11241100x80000000000000007211255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264f0f79742dd4be2021-12-23 11:51:48.694root 11241100x80000000000000007211256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7f3c40b4d4ba082021-12-23 11:51:48.694root 11241100x80000000000000007211257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13f59b1b4723d182021-12-23 11:51:48.694root 11241100x80000000000000007211258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af89140468acfd452021-12-23 11:51:48.694root 11241100x80000000000000007211259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58abe600d84a690d2021-12-23 11:51:48.694root 11241100x80000000000000007211260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15c83eaf7c2ebde2021-12-23 11:51:48.694root 11241100x80000000000000007211261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4750bc558b9829d02021-12-23 11:51:48.694root 11241100x80000000000000007211262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5c33e84ec95f412021-12-23 11:51:48.694root 11241100x80000000000000007211263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277866414ff925a82021-12-23 11:51:49.193root 11241100x80000000000000007211264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50dfd6bada722a282021-12-23 11:51:49.193root 11241100x80000000000000007211265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92da9f01ef49108c2021-12-23 11:51:49.193root 11241100x80000000000000007211266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f4a904f5a9c1c52021-12-23 11:51:49.193root 11241100x80000000000000007211267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa44c6a7ac1e2cb2021-12-23 11:51:49.193root 11241100x80000000000000007211268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15f44943afe1e032021-12-23 11:51:49.193root 11241100x80000000000000007211269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60633339e538cf542021-12-23 11:51:49.193root 11241100x80000000000000007211270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f1b5b426a6bba62021-12-23 11:51:49.193root 11241100x80000000000000007211271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e3b891498192f92021-12-23 11:51:49.194root 11241100x80000000000000007211272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24cfd15b0c343332021-12-23 11:51:49.194root 11241100x80000000000000007211273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5591ae8c4b97a4f82021-12-23 11:51:49.194root 11241100x80000000000000007211274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106f47e80735c76f2021-12-23 11:51:49.194root 11241100x80000000000000007211275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f2e293d7fccf552021-12-23 11:51:49.693root 11241100x80000000000000007211276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19a1dadd2b9902d2021-12-23 11:51:49.693root 11241100x80000000000000007211277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30f8119ca1597d52021-12-23 11:51:49.693root 11241100x80000000000000007211278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9653a831aba61ea72021-12-23 11:51:49.693root 11241100x80000000000000007211279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1139d00c781424b42021-12-23 11:51:49.693root 11241100x80000000000000007211280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd0994bf165bb462021-12-23 11:51:49.694root 11241100x80000000000000007211281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ba888c061993182021-12-23 11:51:49.694root 11241100x80000000000000007211282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e4ea7f33e717802021-12-23 11:51:49.694root 11241100x80000000000000007211283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9ec40eaaf6c2612021-12-23 11:51:49.694root 11241100x80000000000000007211284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300b552c3940d1a72021-12-23 11:51:49.694root 11241100x80000000000000007211285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afa0e71c862bbd72021-12-23 11:51:49.694root 11241100x80000000000000007211286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d219d15817b1842021-12-23 11:51:49.694root 354300x80000000000000007211287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.029{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33766-false10.0.1.12-8000- 11241100x80000000000000007211288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dec5b4ed0671e712021-12-23 11:51:50.030root 11241100x80000000000000007211289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c843b30de7dc212021-12-23 11:51:50.030root 11241100x80000000000000007211290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d1f95e7f576c592021-12-23 11:51:50.030root 11241100x80000000000000007211291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59772076d571df12021-12-23 11:51:50.030root 11241100x80000000000000007211292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e4e7f7df090a442021-12-23 11:51:50.030root 11241100x80000000000000007211293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526026b367acb2e42021-12-23 11:51:50.030root 11241100x80000000000000007211294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66624028171531902021-12-23 11:51:50.030root 11241100x80000000000000007211295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09925f106559ff42021-12-23 11:51:50.031root 11241100x80000000000000007211296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf00fcd9aa4b6b592021-12-23 11:51:50.031root 11241100x80000000000000007211297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93749a74766eb0692021-12-23 11:51:50.031root 11241100x80000000000000007211298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f2f60c5148edc22021-12-23 11:51:50.031root 11241100x80000000000000007211299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd1658344e1f2292021-12-23 11:51:50.031root 11241100x80000000000000007211300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28cbf4690f7360a2021-12-23 11:51:50.031root 11241100x80000000000000007211301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6b0decc4cc734e2021-12-23 11:51:50.031root 11241100x80000000000000007211302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee9cb6746c0129f2021-12-23 11:51:50.031root 11241100x80000000000000007211303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0f5e10941ad50b2021-12-23 11:51:50.031root 11241100x80000000000000007211304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43db27502c51f1392021-12-23 11:51:50.031root 11241100x80000000000000007211305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c50e3b7f12908c82021-12-23 11:51:50.443root 11241100x80000000000000007211306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825e0db3de3a5bb82021-12-23 11:51:50.443root 11241100x80000000000000007211307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f02734cb2e3303b2021-12-23 11:51:50.443root 11241100x80000000000000007211308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c869088e1348f8092021-12-23 11:51:50.443root 11241100x80000000000000007211309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc81c3cc31e2cf72021-12-23 11:51:50.443root 11241100x80000000000000007211310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb72ef5f369661d2021-12-23 11:51:50.443root 11241100x80000000000000007211311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf22c07973bfa5c2021-12-23 11:51:50.443root 11241100x80000000000000007211312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07bbfe790b04ccf2021-12-23 11:51:50.443root 11241100x80000000000000007211313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d20e9d8028501c2021-12-23 11:51:50.443root 11241100x80000000000000007211314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b912748fd9c632f2021-12-23 11:51:50.444root 11241100x80000000000000007211315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af3042b5f299c5e2021-12-23 11:51:50.444root 11241100x80000000000000007211316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2e86d5bde4c39e2021-12-23 11:51:50.444root 11241100x80000000000000007211317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a15a20900f42a82021-12-23 11:51:50.444root 11241100x80000000000000007211318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d19026be1a733b2021-12-23 11:51:50.943root 11241100x80000000000000007211319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5447be0e87b4c7172021-12-23 11:51:50.943root 11241100x80000000000000007211320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8eabcbd5349db32021-12-23 11:51:50.944root 11241100x80000000000000007211321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91a62e43ca50e752021-12-23 11:51:50.944root 11241100x80000000000000007211322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec49fa939005abcf2021-12-23 11:51:50.944root 11241100x80000000000000007211323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b999faf46eed3b22021-12-23 11:51:50.944root 11241100x80000000000000007211324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3664a8c008db9162021-12-23 11:51:50.945root 11241100x80000000000000007211325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468dcaee11cef5572021-12-23 11:51:50.945root 11241100x80000000000000007211326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38466c04f28c3fb2021-12-23 11:51:50.945root 11241100x80000000000000007211327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d36cce926268082021-12-23 11:51:50.945root 11241100x80000000000000007211328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd4d6c7f17dcb0e2021-12-23 11:51:50.945root 11241100x80000000000000007211329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55205ae063aefa822021-12-23 11:51:50.946root 11241100x80000000000000007211330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3395e28562a7ec082021-12-23 11:51:50.946root 11241100x80000000000000007211331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1557dbe2bdefe6d2021-12-23 11:51:51.443root 11241100x80000000000000007211332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f601d47632aff22021-12-23 11:51:51.443root 11241100x80000000000000007211333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c88e539f1661812021-12-23 11:51:51.444root 11241100x80000000000000007211334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860828ad62d120262021-12-23 11:51:51.444root 11241100x80000000000000007211335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59295d28fd1f06de2021-12-23 11:51:51.444root 11241100x80000000000000007211336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb692b16189b0632021-12-23 11:51:51.444root 11241100x80000000000000007211337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab88162113dc433d2021-12-23 11:51:51.445root 11241100x80000000000000007211338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d46f4dcbad854b12021-12-23 11:51:51.445root 11241100x80000000000000007211339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2278f84d5a9ad60e2021-12-23 11:51:51.445root 11241100x80000000000000007211340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abf8b011665b17c2021-12-23 11:51:51.445root 11241100x80000000000000007211341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0544d20ced9243402021-12-23 11:51:51.446root 11241100x80000000000000007211342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce2dad601e21fbb2021-12-23 11:51:51.446root 11241100x80000000000000007211343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5fd2b3a617bc8c2021-12-23 11:51:51.446root 11241100x80000000000000007211344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86078ab7c4ed78e82021-12-23 11:51:51.943root 11241100x80000000000000007211345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d5404ed5faefd72021-12-23 11:51:51.943root 11241100x80000000000000007211346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7b1a80dd7bb7672021-12-23 11:51:51.944root 11241100x80000000000000007211347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe68294494631492021-12-23 11:51:51.944root 11241100x80000000000000007211348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b8500e0cde32842021-12-23 11:51:51.944root 11241100x80000000000000007211349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f7521450aceb282021-12-23 11:51:51.944root 11241100x80000000000000007211350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5d1047d86961a02021-12-23 11:51:51.945root 11241100x80000000000000007211351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09665c73f4482fe42021-12-23 11:51:51.945root 11241100x80000000000000007211352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1089da9adc94de2021-12-23 11:51:51.945root 11241100x80000000000000007211353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906df38b3b358d272021-12-23 11:51:51.945root 11241100x80000000000000007211354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8908b55a84a9e22021-12-23 11:51:51.945root 11241100x80000000000000007211355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf84570ba0ff1b182021-12-23 11:51:51.945root 11241100x80000000000000007211356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b7b036b85b2a2c2021-12-23 11:51:51.945root 11241100x80000000000000007211357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50026577ecc134b02021-12-23 11:51:52.443root 11241100x80000000000000007211358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a5783685e16fe02021-12-23 11:51:52.443root 11241100x80000000000000007211359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee84a1e4692266c2021-12-23 11:51:52.443root 11241100x80000000000000007211360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24dda2af0512fdff2021-12-23 11:51:52.443root 11241100x80000000000000007211361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd48606dada6fe0e2021-12-23 11:51:52.443root 11241100x80000000000000007211362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc523d5e6b0c1e392021-12-23 11:51:52.443root 11241100x80000000000000007211363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5491c49790d66e2021-12-23 11:51:52.443root 11241100x80000000000000007211364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713df97ffcbafde52021-12-23 11:51:52.444root 11241100x80000000000000007211365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fff9b7beda421be2021-12-23 11:51:52.444root 11241100x80000000000000007211366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eac2410ca2346002021-12-23 11:51:52.444root 11241100x80000000000000007211367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209d605a39c752d62021-12-23 11:51:52.444root 11241100x80000000000000007211368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5ef20a59a096882021-12-23 11:51:52.444root 11241100x80000000000000007211369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc5d65cc443126c2021-12-23 11:51:52.444root 11241100x80000000000000007211370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651384d44149779c2021-12-23 11:51:52.943root 11241100x80000000000000007211371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e144d2f3e32f14cf2021-12-23 11:51:52.943root 11241100x80000000000000007211372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c040dd3a5c90ab502021-12-23 11:51:52.943root 11241100x80000000000000007211373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4416015a9c7fec522021-12-23 11:51:52.943root 11241100x80000000000000007211374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa593d65439208bc2021-12-23 11:51:52.943root 11241100x80000000000000007211375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218ba93a850cfdec2021-12-23 11:51:52.943root 11241100x80000000000000007211376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac7b4e25a61d7722021-12-23 11:51:52.943root 11241100x80000000000000007211377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e7e3a5d591540f2021-12-23 11:51:52.944root 11241100x80000000000000007211378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046e4c4046cf62d32021-12-23 11:51:52.944root 11241100x80000000000000007211379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17de09aabf56da282021-12-23 11:51:52.944root 11241100x80000000000000007211380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8eef9fdd9346712021-12-23 11:51:52.944root 11241100x80000000000000007211381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ca0f16e1adc3462021-12-23 11:51:52.944root 11241100x80000000000000007211382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7c460b82e309f12021-12-23 11:51:52.944root 11241100x80000000000000007211383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f698839807d73e82021-12-23 11:51:53.443root 11241100x80000000000000007211384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8773fe50c13b472021-12-23 11:51:53.443root 11241100x80000000000000007211385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572dea255a0607502021-12-23 11:51:53.443root 11241100x80000000000000007211386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9bcfb71ae6b6d62021-12-23 11:51:53.443root 11241100x80000000000000007211387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee6b03e6bb441712021-12-23 11:51:53.443root 11241100x80000000000000007211388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51797b9f1a1139ac2021-12-23 11:51:53.443root 11241100x80000000000000007211389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2919013e5a9fdfeb2021-12-23 11:51:53.443root 11241100x80000000000000007211390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff7ebcb497245d92021-12-23 11:51:53.444root 11241100x80000000000000007211391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498599ab485159ca2021-12-23 11:51:53.444root 11241100x80000000000000007211392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26010242cf59ec0a2021-12-23 11:51:53.444root 11241100x80000000000000007211393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a546fc940d787fe2021-12-23 11:51:53.444root 11241100x80000000000000007211394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa161a2b34df41e2021-12-23 11:51:53.444root 11241100x80000000000000007211395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82eeaeeb88f837072021-12-23 11:51:53.444root 11241100x80000000000000007211396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ab0a7f6c031fa12021-12-23 11:51:53.943root 11241100x80000000000000007211397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f47d5b0fb86399d2021-12-23 11:51:53.943root 11241100x80000000000000007211398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b3a786638d92cb2021-12-23 11:51:53.943root 11241100x80000000000000007211399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfa698ec4b53ee02021-12-23 11:51:53.943root 11241100x80000000000000007211400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e569fdda11d73912021-12-23 11:51:53.943root 11241100x80000000000000007211401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f9acaaa452ae872021-12-23 11:51:53.943root 11241100x80000000000000007211402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08f5ff67084cb3f2021-12-23 11:51:53.944root 11241100x80000000000000007211403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47baac125ce39772021-12-23 11:51:53.944root 11241100x80000000000000007211404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ad61c839a920c52021-12-23 11:51:53.944root 11241100x80000000000000007211405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889a28e2d5c3f0282021-12-23 11:51:53.944root 11241100x80000000000000007211406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499f8cdc751192ad2021-12-23 11:51:53.944root 11241100x80000000000000007211407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec23af219e2fdbd2021-12-23 11:51:53.944root 11241100x80000000000000007211408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6db0320105649692021-12-23 11:51:53.944root 11241100x80000000000000007211409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f9a9edb13364c12021-12-23 11:51:54.443root 11241100x80000000000000007211410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4464b3906beb422021-12-23 11:51:54.443root 11241100x80000000000000007211411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf8cf3156b767ac2021-12-23 11:51:54.443root 11241100x80000000000000007211412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26958ff8f82cc942021-12-23 11:51:54.443root 11241100x80000000000000007211413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5354aac071fa292021-12-23 11:51:54.443root 11241100x80000000000000007211414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce039be4c2a20d02021-12-23 11:51:54.443root 11241100x80000000000000007211415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0893a3f6508ec6052021-12-23 11:51:54.443root 11241100x80000000000000007211416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f681f479120d222021-12-23 11:51:54.444root 11241100x80000000000000007211417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbedf5ab2354f952021-12-23 11:51:54.444root 11241100x80000000000000007211418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a8052daba56ee22021-12-23 11:51:54.444root 11241100x80000000000000007211419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510a3ffb68049af72021-12-23 11:51:54.444root 11241100x80000000000000007211420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a9b331d1d68e242021-12-23 11:51:54.444root 11241100x80000000000000007211421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482860a60c283d1e2021-12-23 11:51:54.444root 11241100x80000000000000007211422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d829f979b218022021-12-23 11:51:54.943root 11241100x80000000000000007211423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb13615f25672732021-12-23 11:51:54.943root 11241100x80000000000000007211424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a50965894e9b7db2021-12-23 11:51:54.944root 11241100x80000000000000007211425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928351b08ca3f2862021-12-23 11:51:54.944root 11241100x80000000000000007211426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87e62854d4710462021-12-23 11:51:54.944root 11241100x80000000000000007211427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e037e1e94284f4d22021-12-23 11:51:54.945root 11241100x80000000000000007211428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dac2659e0d72c7f2021-12-23 11:51:54.945root 11241100x80000000000000007211429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45ac5adfc9ff9ce2021-12-23 11:51:54.945root 11241100x80000000000000007211430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1660dcddfd8c6a792021-12-23 11:51:54.945root 11241100x80000000000000007211431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82280bd07afe00032021-12-23 11:51:54.946root 11241100x80000000000000007211432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dc1a8303b528a92021-12-23 11:51:54.946root 11241100x80000000000000007211433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caf938d60a2eacb2021-12-23 11:51:54.946root 11241100x80000000000000007211434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21026b6aaf032ea82021-12-23 11:51:54.947root 354300x80000000000000007211435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.210{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33768-false10.0.1.12-8000- 11241100x80000000000000007211436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6300e761ec31ed662021-12-23 11:51:55.211root 11241100x80000000000000007211437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331cc080237674532021-12-23 11:51:55.211root 11241100x80000000000000007211438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf752a71fbd7c2c2021-12-23 11:51:55.211root 11241100x80000000000000007211439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0decccc4ed73c5c92021-12-23 11:51:55.211root 11241100x80000000000000007211440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8415412fc5530822021-12-23 11:51:55.211root 11241100x80000000000000007211441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922d593a894374662021-12-23 11:51:55.212root 11241100x80000000000000007211442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d094b4b4cd5520e02021-12-23 11:51:55.212root 11241100x80000000000000007211443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b942c4d04d5858b2021-12-23 11:51:55.212root 11241100x80000000000000007211444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b19b45c80bd5d42021-12-23 11:51:55.212root 11241100x80000000000000007211445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a138aced29ccea2021-12-23 11:51:55.212root 11241100x80000000000000007211446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bde53344eb32be72021-12-23 11:51:55.212root 11241100x80000000000000007211447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0285b3aadf41c2ef2021-12-23 11:51:55.212root 11241100x80000000000000007211448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9171d9d1673f947a2021-12-23 11:51:55.212root 11241100x80000000000000007211449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00caff16aec3b4fa2021-12-23 11:51:55.212root 11241100x80000000000000007211450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52843b827d7b7fbb2021-12-23 11:51:55.693root 11241100x80000000000000007211451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdfbe2f9274bbf62021-12-23 11:51:55.693root 11241100x80000000000000007211452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8d6caaf1ad13672021-12-23 11:51:55.693root 11241100x80000000000000007211453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6c03c9322944522021-12-23 11:51:55.693root 11241100x80000000000000007211454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4367e01723fd46b2021-12-23 11:51:55.693root 11241100x80000000000000007211455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ef2112b7ab3cdd2021-12-23 11:51:55.693root 11241100x80000000000000007211456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff3abc28e1c87832021-12-23 11:51:55.693root 11241100x80000000000000007211457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e56b75223a2dd2e2021-12-23 11:51:55.694root 11241100x80000000000000007211458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eee37fe65ce81d32021-12-23 11:51:55.694root 11241100x80000000000000007211459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0310e483a2dd292021-12-23 11:51:55.694root 11241100x80000000000000007211460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f542a55515b9d71e2021-12-23 11:51:55.694root 11241100x80000000000000007211461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b9e9ea2124b0a72021-12-23 11:51:55.694root 11241100x80000000000000007211462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84881f7a56d9ce522021-12-23 11:51:55.694root 11241100x80000000000000007211463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d266a917860077862021-12-23 11:51:55.694root 11241100x80000000000000007211464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc109b1a90db2ca2021-12-23 11:51:56.193root 11241100x80000000000000007211465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0462a69162e468bd2021-12-23 11:51:56.193root 11241100x80000000000000007211466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8285447a68953f22021-12-23 11:51:56.193root 11241100x80000000000000007211467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1251807f8ef12a2d2021-12-23 11:51:56.193root 11241100x80000000000000007211468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf1c28355f1d6c32021-12-23 11:51:56.193root 11241100x80000000000000007211469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9644ad63ba1ed4c92021-12-23 11:51:56.193root 11241100x80000000000000007211470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970449e1c9beec3b2021-12-23 11:51:56.193root 11241100x80000000000000007211471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16a7ceb5a8102e42021-12-23 11:51:56.194root 11241100x80000000000000007211472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0a2820e1eb93a12021-12-23 11:51:56.194root 11241100x80000000000000007211473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7b5264f03b8e542021-12-23 11:51:56.194root 11241100x80000000000000007211474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60056621e21f38ba2021-12-23 11:51:56.194root 11241100x80000000000000007211475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3ed106979d16f62021-12-23 11:51:56.194root 11241100x80000000000000007211476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5390cd754334bc0b2021-12-23 11:51:56.194root 11241100x80000000000000007211477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dfe51e826b2f8b2021-12-23 11:51:56.194root 11241100x80000000000000007211478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dbe1889c87e9fd2021-12-23 11:51:56.693root 11241100x80000000000000007211479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd76e0719d5c1462021-12-23 11:51:56.693root 11241100x80000000000000007211480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c27e783be61e932021-12-23 11:51:56.693root 11241100x80000000000000007211481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d8c102b7a13ba22021-12-23 11:51:56.693root 11241100x80000000000000007211482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc39736b6c04177e2021-12-23 11:51:56.693root 11241100x80000000000000007211483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b996cb033eb59c2021-12-23 11:51:56.693root 11241100x80000000000000007211484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa14f3df1a2956b2021-12-23 11:51:56.693root 11241100x80000000000000007211485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f105e430ae1657102021-12-23 11:51:56.694root 11241100x80000000000000007211486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1213e6668664370b2021-12-23 11:51:56.694root 11241100x80000000000000007211487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361c4a913ae654c22021-12-23 11:51:56.694root 11241100x80000000000000007211488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cf296070ab45c42021-12-23 11:51:56.694root 11241100x80000000000000007211489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d24a6a88bd3bb22021-12-23 11:51:56.694root 11241100x80000000000000007211490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4fd278fcaac1de2021-12-23 11:51:56.694root 11241100x80000000000000007211491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9250255c1592ffec2021-12-23 11:51:56.694root 11241100x80000000000000007211492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1ed52ada4d161c2021-12-23 11:51:57.193root 11241100x80000000000000007211493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4afca52da95015e2021-12-23 11:51:57.193root 11241100x80000000000000007211494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ee3a5da66aabe62021-12-23 11:51:57.193root 11241100x80000000000000007211495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ecad7c0b8e2d542021-12-23 11:51:57.193root 11241100x80000000000000007211496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973e90ef0c5133562021-12-23 11:51:57.193root 11241100x80000000000000007211497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49d50c337d7b6622021-12-23 11:51:57.193root 11241100x80000000000000007211498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a9b1dfecb00c6a2021-12-23 11:51:57.193root 11241100x80000000000000007211499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7ecf0886d3883a2021-12-23 11:51:57.193root 11241100x80000000000000007211500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f4112621e952222021-12-23 11:51:57.193root 11241100x80000000000000007211501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267ec11843161b4b2021-12-23 11:51:57.193root 11241100x80000000000000007211502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0fc17b8077baea2021-12-23 11:51:57.194root 11241100x80000000000000007211503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc4b536265574a62021-12-23 11:51:57.194root 11241100x80000000000000007211504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4626c7e7b789972021-12-23 11:51:57.194root 11241100x80000000000000007211505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53df58cbfca2ab9e2021-12-23 11:51:57.194root 11241100x80000000000000007211506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c72179ef6f3fd3d2021-12-23 11:51:57.693root 11241100x80000000000000007211507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d1d25cfa0d89642021-12-23 11:51:57.693root 11241100x80000000000000007211508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a9c0d7788c22cf2021-12-23 11:51:57.693root 11241100x80000000000000007211509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b41ab804f3894472021-12-23 11:51:57.693root 11241100x80000000000000007211510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616bb6c8635e75f12021-12-23 11:51:57.693root 11241100x80000000000000007211511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e864313ff171822021-12-23 11:51:57.693root 11241100x80000000000000007211512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04aa48c3e8fc71c02021-12-23 11:51:57.693root 11241100x80000000000000007211513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb17a7e7a4b870322021-12-23 11:51:57.693root 11241100x80000000000000007211514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5de4d65bb502a072021-12-23 11:51:57.694root 11241100x80000000000000007211515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4118a7b25ae3b0292021-12-23 11:51:57.694root 11241100x80000000000000007211516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f21a22d72aefe12021-12-23 11:51:57.694root 11241100x80000000000000007211517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557f59fa44461cee2021-12-23 11:51:57.694root 11241100x80000000000000007211518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdb8fb3c052536c2021-12-23 11:51:57.694root 11241100x80000000000000007211519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f7fe2274b12fac2021-12-23 11:51:57.694root 11241100x80000000000000007211520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cec74792365faee2021-12-23 11:51:57.695root 11241100x80000000000000007211521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d6e87b323154352021-12-23 11:51:57.695root 11241100x80000000000000007211522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7c4a194e6c3e7a2021-12-23 11:51:57.695root 11241100x80000000000000007211523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a626eca2c8607e482021-12-23 11:51:57.695root 11241100x80000000000000007211524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849e40548bf71e4b2021-12-23 11:51:57.695root 11241100x80000000000000007211525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fd81ef3221dced2021-12-23 11:51:57.695root 11241100x80000000000000007211526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462642a4dba430f22021-12-23 11:51:57.695root 11241100x80000000000000007211527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ff8551fc690c172021-12-23 11:51:57.695root 11241100x80000000000000007211528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44137ab072c905752021-12-23 11:51:57.695root 11241100x80000000000000007211529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bbe46684077bdd2021-12-23 11:51:57.696root 11241100x80000000000000007211530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78798b6dcf02f6282021-12-23 11:51:57.696root 11241100x80000000000000007211531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b3eed07f9bc0fd2021-12-23 11:51:57.696root 11241100x80000000000000007211532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a069039af912562021-12-23 11:51:57.696root 11241100x80000000000000007211533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e943b3617e463e672021-12-23 11:51:57.696root 11241100x80000000000000007211534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9681f70dc1447f2021-12-23 11:51:58.193root 11241100x80000000000000007211535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a4c4c907cfad0a2021-12-23 11:51:58.193root 11241100x80000000000000007211536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b69fa31ced976472021-12-23 11:51:58.193root 11241100x80000000000000007211537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea0d519b0eddd872021-12-23 11:51:58.193root 11241100x80000000000000007211538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cbda5896a620052021-12-23 11:51:58.193root 11241100x80000000000000007211539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d7357dd4685b0e2021-12-23 11:51:58.193root 11241100x80000000000000007211540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e886f456157dc02021-12-23 11:51:58.193root 11241100x80000000000000007211541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d406a451f5b70f212021-12-23 11:51:58.193root 11241100x80000000000000007211542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18e97bfefdbae8f2021-12-23 11:51:58.194root 11241100x80000000000000007211543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293c1c90fd1969932021-12-23 11:51:58.194root 11241100x80000000000000007211544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658258845696190d2021-12-23 11:51:58.194root 11241100x80000000000000007211545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21994f9fc844e9002021-12-23 11:51:58.194root 11241100x80000000000000007211546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8559029c286e965f2021-12-23 11:51:58.194root 11241100x80000000000000007211547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b56f6ce34aad8682021-12-23 11:51:58.194root 11241100x80000000000000007211548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd95738f4516c4852021-12-23 11:51:58.693root 11241100x80000000000000007211549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e490047c920b2482021-12-23 11:51:58.693root 11241100x80000000000000007211550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae14f9b3ef181052021-12-23 11:51:58.693root 11241100x80000000000000007211551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09be59d169f52982021-12-23 11:51:58.693root 11241100x80000000000000007211552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42cfe44685301a52021-12-23 11:51:58.693root 11241100x80000000000000007211553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b24e39f82416fd2021-12-23 11:51:58.693root 11241100x80000000000000007211554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19463965a3ba6602021-12-23 11:51:58.693root 11241100x80000000000000007211555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c250381645d32112021-12-23 11:51:58.693root 11241100x80000000000000007211556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5204e0bdf161b9762021-12-23 11:51:58.693root 11241100x80000000000000007211557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51582d13dcc680eb2021-12-23 11:51:58.693root 11241100x80000000000000007211558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368558fabdb929192021-12-23 11:51:58.694root 11241100x80000000000000007211559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea38ae6629f51452021-12-23 11:51:58.694root 11241100x80000000000000007211560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b981e3b6da0575402021-12-23 11:51:58.694root 11241100x80000000000000007211561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39904383e8f33f92021-12-23 11:51:58.694root 11241100x80000000000000007211562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ea5cfbfd1381402021-12-23 11:51:59.193root 11241100x80000000000000007211563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af8c396157581eb2021-12-23 11:51:59.194root 11241100x80000000000000007211564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46310ae76bdacded2021-12-23 11:51:59.194root 11241100x80000000000000007211565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652ff7e7c1b1e7fe2021-12-23 11:51:59.195root 11241100x80000000000000007211566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf2841a98dcb49a2021-12-23 11:51:59.195root 11241100x80000000000000007211567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3acf0c3d5a892f2021-12-23 11:51:59.195root 11241100x80000000000000007211568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a102b7db0dc750f2021-12-23 11:51:59.195root 11241100x80000000000000007211569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a9c56d29c454102021-12-23 11:51:59.195root 11241100x80000000000000007211570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a13cb8008f3e122021-12-23 11:51:59.196root 11241100x80000000000000007211571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc47861ba4c8b812021-12-23 11:51:59.196root 11241100x80000000000000007211572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac78f9241bc0bc22021-12-23 11:51:59.196root 11241100x80000000000000007211573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c633093392173ada2021-12-23 11:51:59.196root 11241100x80000000000000007211574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c5c3ae5c5649e82021-12-23 11:51:59.196root 11241100x80000000000000007211575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177a5528c233a48e2021-12-23 11:51:59.196root 11241100x80000000000000007211576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194da052d0125ffa2021-12-23 11:51:59.693root 11241100x80000000000000007211577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102b7e25d85bf56b2021-12-23 11:51:59.693root 11241100x80000000000000007211578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f11788fb355e0d82021-12-23 11:51:59.693root 11241100x80000000000000007211579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ede8df3b62a1be2021-12-23 11:51:59.693root 11241100x80000000000000007211580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fce23f0a98f46ce2021-12-23 11:51:59.693root 11241100x80000000000000007211581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc410db854ee78bf2021-12-23 11:51:59.693root 11241100x80000000000000007211582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca98a7a3d20605b2021-12-23 11:51:59.693root 11241100x80000000000000007211583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f997de5849debf0b2021-12-23 11:51:59.693root 11241100x80000000000000007211584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccbbd006e470f992021-12-23 11:51:59.693root 11241100x80000000000000007211585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b89e32f09691e1f2021-12-23 11:51:59.694root 11241100x80000000000000007211586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028aa9cf3deeb5de2021-12-23 11:51:59.694root 11241100x80000000000000007211587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e59507d24a048962021-12-23 11:51:59.694root 11241100x80000000000000007211588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325aaf41393605fe2021-12-23 11:51:59.694root 11241100x80000000000000007211589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0550e4af4dfdd72021-12-23 11:51:59.694root 11241100x80000000000000007211590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-23 11:52:00.142root 11241100x80000000000000007211591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479254476b766b742021-12-23 11:52:00.143root 11241100x80000000000000007211592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac578daa27b9fc0b2021-12-23 11:52:00.143root 11241100x80000000000000007211593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50ee4bea661948b2021-12-23 11:52:00.143root 11241100x80000000000000007211594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3794af32279079c82021-12-23 11:52:00.144root 11241100x80000000000000007211595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2c1ea00bd4cc8c2021-12-23 11:52:00.144root 11241100x80000000000000007211596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86e3c67ee1cfeca2021-12-23 11:52:00.144root 11241100x80000000000000007211597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b01a779f1070cc2021-12-23 11:52:00.144root 11241100x80000000000000007211598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3507a176347a488d2021-12-23 11:52:00.144root 11241100x80000000000000007211599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b85acea5fd347462021-12-23 11:52:00.144root 11241100x80000000000000007211600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f535d2d49cf5e2d12021-12-23 11:52:00.144root 11241100x80000000000000007211601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919feca3f34b6b762021-12-23 11:52:00.145root 11241100x80000000000000007211602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d4d6386b58c0af2021-12-23 11:52:00.145root 11241100x80000000000000007211603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5338a7afcf9e1d72021-12-23 11:52:00.145root 11241100x80000000000000007211604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290b258a1275e3cf2021-12-23 11:52:00.145root 11241100x80000000000000007211605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc96d91ddc7826e82021-12-23 11:52:00.145root 11241100x80000000000000007211606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8367252c08149ffa2021-12-23 11:52:00.145root 11241100x80000000000000007211607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d677b97740d26c4b2021-12-23 11:52:00.145root 11241100x80000000000000007211608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb94edda70f56d12021-12-23 11:52:00.443root 11241100x80000000000000007211609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309e867a5267f59b2021-12-23 11:52:00.443root 11241100x80000000000000007211610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8d8f75a6678f6b2021-12-23 11:52:00.443root 11241100x80000000000000007211611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48be43559fd3a932021-12-23 11:52:00.443root 11241100x80000000000000007211612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea13a02e362628522021-12-23 11:52:00.443root 11241100x80000000000000007211613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d385d230c9b450102021-12-23 11:52:00.443root 11241100x80000000000000007211614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895dda6c44ca671b2021-12-23 11:52:00.443root 11241100x80000000000000007211615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfb0f89a258f09b2021-12-23 11:52:00.443root 11241100x80000000000000007211616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0d1c0c4f42985a2021-12-23 11:52:00.443root 11241100x80000000000000007211617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a54ab010008b9162021-12-23 11:52:00.443root 11241100x80000000000000007211618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79af83ff27efd362021-12-23 11:52:00.443root 11241100x80000000000000007211619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c13066a82fcbefe2021-12-23 11:52:00.443root 11241100x80000000000000007211620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0771a13457401d832021-12-23 11:52:00.443root 11241100x80000000000000007211621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa4d0f58f1f0a932021-12-23 11:52:00.444root 11241100x80000000000000007211622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43651da2b7d2e6df2021-12-23 11:52:00.444root 11241100x80000000000000007211623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556f45bc095355232021-12-23 11:52:00.943root 11241100x80000000000000007211624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853e5c2abc84f8882021-12-23 11:52:00.943root 11241100x80000000000000007211625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253d69ad32f973052021-12-23 11:52:00.943root 11241100x80000000000000007211626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedf9e81c46cae352021-12-23 11:52:00.943root 11241100x80000000000000007211627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b348ce7aab59a322021-12-23 11:52:00.943root 11241100x80000000000000007211628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2b88addc9ff2332021-12-23 11:52:00.943root 11241100x80000000000000007211629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252f190f18a74e562021-12-23 11:52:00.943root 11241100x80000000000000007211630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ac6969360828902021-12-23 11:52:00.943root 11241100x80000000000000007211631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845056d6c22595232021-12-23 11:52:00.944root 11241100x80000000000000007211632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2640159ccbc77c052021-12-23 11:52:00.944root 11241100x80000000000000007211633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a6d1d5f29673002021-12-23 11:52:00.944root 11241100x80000000000000007211634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d421a0dc49f0e55b2021-12-23 11:52:00.944root 11241100x80000000000000007211635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36de4e2da11d2122021-12-23 11:52:00.944root 11241100x80000000000000007211636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2190f00c7cf3d0092021-12-23 11:52:00.944root 11241100x80000000000000007211637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcfb37b497e27b42021-12-23 11:52:00.944root 354300x80000000000000007211638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.155{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33770-false10.0.1.12-8000- 11241100x80000000000000007211639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22def25657778b342021-12-23 11:52:01.443root 11241100x80000000000000007211640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71473c46d2b0e092021-12-23 11:52:01.444root 11241100x80000000000000007211641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8428611db72bcdb2021-12-23 11:52:01.444root 11241100x80000000000000007211642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe76c995382cd492021-12-23 11:52:01.444root 11241100x80000000000000007211643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627f12c2f25de7c42021-12-23 11:52:01.444root 11241100x80000000000000007211644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6b5730cafc1ca42021-12-23 11:52:01.444root 11241100x80000000000000007211645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd64895845f38b0e2021-12-23 11:52:01.444root 11241100x80000000000000007211646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbf0ad63fe53f7a2021-12-23 11:52:01.445root 11241100x80000000000000007211647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a897fe035e2d4d2021-12-23 11:52:01.445root 11241100x80000000000000007211648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42699c16a6e24be62021-12-23 11:52:01.445root 11241100x80000000000000007211649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5711cf6d1da47e142021-12-23 11:52:01.445root 11241100x80000000000000007211650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2989da8a72fd0532021-12-23 11:52:01.445root 11241100x80000000000000007211651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a7bf04b3038cf32021-12-23 11:52:01.445root 11241100x80000000000000007211652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17990932a99f9182021-12-23 11:52:01.445root 11241100x80000000000000007211653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89acfe768e4338f62021-12-23 11:52:01.446root 11241100x80000000000000007211654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958c3ccef8b355cc2021-12-23 11:52:01.446root 11241100x80000000000000007211655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a58276613be2042021-12-23 11:52:01.942root 11241100x80000000000000007211656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8118553b1a374a892021-12-23 11:52:01.943root 11241100x80000000000000007211657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad339d6581b2b852021-12-23 11:52:01.943root 11241100x80000000000000007211658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb156bce2eac33f2021-12-23 11:52:01.943root 11241100x80000000000000007211659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518b56ca0824bbde2021-12-23 11:52:01.943root 11241100x80000000000000007211660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ec5803a7be1c5a2021-12-23 11:52:01.943root 11241100x80000000000000007211661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610b32d0ce0ee2c42021-12-23 11:52:01.944root 11241100x80000000000000007211662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3157ceae17c92f072021-12-23 11:52:01.944root 11241100x80000000000000007211663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f762474fbde3e50d2021-12-23 11:52:01.944root 11241100x80000000000000007211664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9991e187581ca7572021-12-23 11:52:01.944root 11241100x80000000000000007211665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65df40bf16b3d9742021-12-23 11:52:01.944root 11241100x80000000000000007211666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a20b0f167d641752021-12-23 11:52:01.945root 11241100x80000000000000007211667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16cbdef0be3fb032021-12-23 11:52:01.945root 11241100x80000000000000007211668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d6212e31eb88c72021-12-23 11:52:01.945root 11241100x80000000000000007211669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93c858bce05d36e2021-12-23 11:52:01.945root 11241100x80000000000000007211670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79490b65b716c8812021-12-23 11:52:01.945root 11241100x80000000000000007211671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b9f8480d3dd2e42021-12-23 11:52:01.945root 11241100x80000000000000007211672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31564ad76aa4e56e2021-12-23 11:52:01.945root 11241100x80000000000000007211673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35a5122f8121cb82021-12-23 11:52:02.443root 11241100x80000000000000007211674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3628aa37eae6b50b2021-12-23 11:52:02.443root 11241100x80000000000000007211675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edfe7530f01722a2021-12-23 11:52:02.443root 11241100x80000000000000007211676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1778898656123e2021-12-23 11:52:02.443root 11241100x80000000000000007211677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cb65b8c8480f662021-12-23 11:52:02.443root 11241100x80000000000000007211678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34bf9dd8f5a10cf2021-12-23 11:52:02.443root 11241100x80000000000000007211679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ae5a83c7257aca2021-12-23 11:52:02.443root 11241100x80000000000000007211680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a0ad5faeebf19f2021-12-23 11:52:02.443root 11241100x80000000000000007211681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e8463008154ac22021-12-23 11:52:02.444root 11241100x80000000000000007211682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2187a34f4cfc15042021-12-23 11:52:02.444root 11241100x80000000000000007211683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e41b5f9c3a8e012021-12-23 11:52:02.444root 11241100x80000000000000007211684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104338e302830e9e2021-12-23 11:52:02.444root 11241100x80000000000000007211685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ca31268096aab02021-12-23 11:52:02.444root 11241100x80000000000000007211686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d60ac3e1f937b82021-12-23 11:52:02.444root 11241100x80000000000000007211687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bdcc613252dee72021-12-23 11:52:02.444root 11241100x80000000000000007211688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3703722ae23ad3312021-12-23 11:52:02.444root 11241100x80000000000000007211689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6f7ffb7c6f0a602021-12-23 11:52:02.943root 11241100x80000000000000007211690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c8fb7a8971dd6e2021-12-23 11:52:02.943root 11241100x80000000000000007211691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d0bb0a256d15072021-12-23 11:52:02.943root 11241100x80000000000000007211692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409f58afb4fec6b82021-12-23 11:52:02.943root 11241100x80000000000000007211693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4f1298e186cf0f2021-12-23 11:52:02.943root 11241100x80000000000000007211694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3265d0f010369172021-12-23 11:52:02.944root 11241100x80000000000000007211695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa17a96c9c350a42021-12-23 11:52:02.944root 11241100x80000000000000007211696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bd8d123881fb782021-12-23 11:52:02.944root 11241100x80000000000000007211697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d304e2c18656112021-12-23 11:52:02.944root 11241100x80000000000000007211698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ab5656b997e4df2021-12-23 11:52:02.945root 11241100x80000000000000007211699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5d328e5b70e9582021-12-23 11:52:02.945root 11241100x80000000000000007211700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e28646a66af4b62021-12-23 11:52:02.945root 11241100x80000000000000007211701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2069baff8b5ca4cf2021-12-23 11:52:02.945root 11241100x80000000000000007211702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115b8f63ec10f91e2021-12-23 11:52:02.945root 11241100x80000000000000007211703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de13c105fabefa592021-12-23 11:52:02.945root 11241100x80000000000000007211704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f0289dcb4879592021-12-23 11:52:02.945root 23542300x80000000000000007211705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000007211706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd95f5bab59a989d2021-12-23 11:52:03.443root 11241100x80000000000000007211707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4320cd90da7fb92021-12-23 11:52:03.443root 11241100x80000000000000007211708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97e2550eba582572021-12-23 11:52:03.443root 11241100x80000000000000007211709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4663b756cdbe4d2021-12-23 11:52:03.443root 11241100x80000000000000007211710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484939951800d1322021-12-23 11:52:03.443root 11241100x80000000000000007211711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e618b6dbee3005e02021-12-23 11:52:03.443root 11241100x80000000000000007211712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1449f00d1dfc40a02021-12-23 11:52:03.444root 11241100x80000000000000007211713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75289ce367b4efd52021-12-23 11:52:03.444root 11241100x80000000000000007211714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361a37786c2f37572021-12-23 11:52:03.444root 11241100x80000000000000007211715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12978385ffc4a062021-12-23 11:52:03.444root 11241100x80000000000000007211716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c06bce957f0aed2021-12-23 11:52:03.444root 11241100x80000000000000007211717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0eded7321cadd232021-12-23 11:52:03.444root 11241100x80000000000000007211718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e2d90e52605fc32021-12-23 11:52:03.444root 11241100x80000000000000007211719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeafea44c1f0f8692021-12-23 11:52:03.444root 11241100x80000000000000007211720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00588436d64ab9692021-12-23 11:52:03.444root 11241100x80000000000000007211721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6afcf25c7da33b02021-12-23 11:52:03.444root 11241100x80000000000000007211722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58de232049df4da2021-12-23 11:52:03.444root 11241100x80000000000000007211723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e01a0a35e4742142021-12-23 11:52:03.943root 11241100x80000000000000007211724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf1754c893158a42021-12-23 11:52:03.943root 11241100x80000000000000007211725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6002de8cb5a1582f2021-12-23 11:52:03.943root 11241100x80000000000000007211726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c45441500fc4df2021-12-23 11:52:03.943root 11241100x80000000000000007211727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a7d23cba78d0092021-12-23 11:52:03.943root 11241100x80000000000000007211728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97eccee803b2fe6b2021-12-23 11:52:03.944root 11241100x80000000000000007211729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6d4261a3f404bd2021-12-23 11:52:03.944root 11241100x80000000000000007211730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d38084581208fb2021-12-23 11:52:03.944root 11241100x80000000000000007211731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d087453f90b71a552021-12-23 11:52:03.944root 11241100x80000000000000007211732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6d7b713578621e2021-12-23 11:52:03.944root 11241100x80000000000000007211733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80ac38e8eb34e992021-12-23 11:52:03.944root 11241100x80000000000000007211734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f07cca19da555a2021-12-23 11:52:03.944root 11241100x80000000000000007211735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079200ea83fa9c742021-12-23 11:52:03.944root 11241100x80000000000000007211736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ac9cc11e6db7852021-12-23 11:52:03.944root 11241100x80000000000000007211737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe23188307ba2dfe2021-12-23 11:52:03.944root 11241100x80000000000000007211738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9059a687d9b6532e2021-12-23 11:52:03.944root 11241100x80000000000000007211739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93a7f6bc375aadc2021-12-23 11:52:03.945root 11241100x80000000000000007211740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d061b1bc5a433fdb2021-12-23 11:52:04.442root 11241100x80000000000000007211741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63467a1d956585e42021-12-23 11:52:04.443root 11241100x80000000000000007211742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb349ae7dd64fcb2021-12-23 11:52:04.443root 11241100x80000000000000007211743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1daee43927ed77f2021-12-23 11:52:04.443root 11241100x80000000000000007211744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc58204d7a2e9aa2021-12-23 11:52:04.443root 11241100x80000000000000007211745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71bd7f11bdb3a062021-12-23 11:52:04.443root 11241100x80000000000000007211746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd51dd0101b488b2021-12-23 11:52:04.443root 11241100x80000000000000007211747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048df91509a99b602021-12-23 11:52:04.443root 11241100x80000000000000007211748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe783fc024c14d02021-12-23 11:52:04.443root 11241100x80000000000000007211749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3414ab80c2dcdcb02021-12-23 11:52:04.444root 11241100x80000000000000007211750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21691aed66f9ad522021-12-23 11:52:04.444root 11241100x80000000000000007211751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03baf697b733d3e2021-12-23 11:52:04.444root 11241100x80000000000000007211752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1379032a59023ab12021-12-23 11:52:04.444root 11241100x80000000000000007211753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfff73a6d38395272021-12-23 11:52:04.444root 11241100x80000000000000007211754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51873fb00e290a6b2021-12-23 11:52:04.444root 11241100x80000000000000007211755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ebe4371c516ad12021-12-23 11:52:04.444root 11241100x80000000000000007211756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b9d8b763add8d52021-12-23 11:52:04.444root 11241100x80000000000000007211757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57ff6fbb68458602021-12-23 11:52:04.943root 11241100x80000000000000007211758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007a28f18fea19e12021-12-23 11:52:04.943root 11241100x80000000000000007211759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d2aa559f1d09312021-12-23 11:52:04.943root 11241100x80000000000000007211760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8970561288dfaf2021-12-23 11:52:04.943root 11241100x80000000000000007211761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cee66d5aa8fde852021-12-23 11:52:04.943root 11241100x80000000000000007211762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71895fc0be066e702021-12-23 11:52:04.943root 11241100x80000000000000007211763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34823cd684ca54302021-12-23 11:52:04.943root 11241100x80000000000000007211764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c17cd05b26530a42021-12-23 11:52:04.943root 11241100x80000000000000007211765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd6fdc233c828012021-12-23 11:52:04.943root 11241100x80000000000000007211766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba54046a071673202021-12-23 11:52:04.944root 11241100x80000000000000007211767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc8ffbad1a53d4c2021-12-23 11:52:04.944root 11241100x80000000000000007211768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70ddc862e5b3b662021-12-23 11:52:04.944root 11241100x80000000000000007211769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cca71d18a325632021-12-23 11:52:04.944root 11241100x80000000000000007211770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5721c917d779e0ec2021-12-23 11:52:04.944root 11241100x80000000000000007211771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775da48b6233dafe2021-12-23 11:52:04.944root 11241100x80000000000000007211772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fe29a080f616a32021-12-23 11:52:04.944root 11241100x80000000000000007211773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6b2332771c0e4e2021-12-23 11:52:04.944root 11241100x80000000000000007211774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90334ee787c2f812021-12-23 11:52:05.443root 11241100x80000000000000007211775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8bfe84020547b52021-12-23 11:52:05.443root 11241100x80000000000000007211776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf624117c001ab12021-12-23 11:52:05.443root 11241100x80000000000000007211777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59e1dc6e4f976512021-12-23 11:52:05.443root 11241100x80000000000000007211778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9452502bb2d1406d2021-12-23 11:52:05.443root 11241100x80000000000000007211779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1c26ea001b3fc92021-12-23 11:52:05.443root 11241100x80000000000000007211780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a3eef6254f5ec72021-12-23 11:52:05.443root 11241100x80000000000000007211781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ab821afa26d3c92021-12-23 11:52:05.444root 11241100x80000000000000007211782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8654381dab1ddb5c2021-12-23 11:52:05.444root 11241100x80000000000000007211783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248a51e0d041d11d2021-12-23 11:52:05.444root 11241100x80000000000000007211784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f3e0ff684cd2c02021-12-23 11:52:05.444root 11241100x80000000000000007211785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67afef90a3487a62021-12-23 11:52:05.444root 11241100x80000000000000007211786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d46803541199822021-12-23 11:52:05.444root 11241100x80000000000000007211787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb897ce021eb4792021-12-23 11:52:05.444root 11241100x80000000000000007211788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0801eb02145b26d32021-12-23 11:52:05.444root 11241100x80000000000000007211789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f5bc83972b2b7a2021-12-23 11:52:05.444root 11241100x80000000000000007211790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc845bf16d3093892021-12-23 11:52:05.444root 11241100x80000000000000007211791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0dd69b3cb0cfbd2021-12-23 11:52:05.943root 11241100x80000000000000007211792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcd819700c48f3b2021-12-23 11:52:05.943root 11241100x80000000000000007211793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab3cf52cf38b22c2021-12-23 11:52:05.943root 11241100x80000000000000007211794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38facb196474d9e2021-12-23 11:52:05.943root 11241100x80000000000000007211795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6b3d1d56969b2f2021-12-23 11:52:05.943root 11241100x80000000000000007211796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67d1fdfc8d667d62021-12-23 11:52:05.943root 11241100x80000000000000007211797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6be0161a7612fc2021-12-23 11:52:05.943root 11241100x80000000000000007211798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac54b31f30c94022021-12-23 11:52:05.943root 11241100x80000000000000007211799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a835e2c8ba96882021-12-23 11:52:05.943root 11241100x80000000000000007211800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b0018de32a43af2021-12-23 11:52:05.943root 11241100x80000000000000007211801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4098003b3fea6d462021-12-23 11:52:05.943root 11241100x80000000000000007211802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b9efd946147b8e2021-12-23 11:52:05.943root 11241100x80000000000000007211803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78e127850dd20b42021-12-23 11:52:05.944root 11241100x80000000000000007211804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0aee3a4eca11e552021-12-23 11:52:05.944root 11241100x80000000000000007211805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f2021c04886af42021-12-23 11:52:05.944root 11241100x80000000000000007211806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883625b822e737472021-12-23 11:52:05.944root 11241100x80000000000000007211807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5993edfdc0396372021-12-23 11:52:05.944root 11241100x80000000000000007211808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b647d3e7f42c77c22021-12-23 11:52:06.443root 11241100x80000000000000007211809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627b736421426a422021-12-23 11:52:06.443root 11241100x80000000000000007211810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b6b97249594a052021-12-23 11:52:06.443root 11241100x80000000000000007211811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e42f5677336b33d2021-12-23 11:52:06.443root 11241100x80000000000000007211812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9709e74f3644eab2021-12-23 11:52:06.443root 11241100x80000000000000007211813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2b1f863cfac88e2021-12-23 11:52:06.443root 11241100x80000000000000007211814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a77e818b84f03082021-12-23 11:52:06.443root 11241100x80000000000000007211815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0918cd41d7eb0f72021-12-23 11:52:06.444root 11241100x80000000000000007211816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ec7996a60c242e2021-12-23 11:52:06.444root 11241100x80000000000000007211817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5d1f946798fe3a2021-12-23 11:52:06.444root 11241100x80000000000000007211818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a641e430493ac6e2021-12-23 11:52:06.444root 11241100x80000000000000007211819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b97b8101129a002021-12-23 11:52:06.444root 11241100x80000000000000007211820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed74bcc2c4b375e22021-12-23 11:52:06.444root 11241100x80000000000000007211821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edec8aeb6458b99d2021-12-23 11:52:06.444root 11241100x80000000000000007211822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0df72ce1fde663c2021-12-23 11:52:06.444root 11241100x80000000000000007211823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00be706e09f1d972021-12-23 11:52:06.444root 11241100x80000000000000007211824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f021a482fb01ffe22021-12-23 11:52:06.444root 11241100x80000000000000007211825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a91085d1a4ebc932021-12-23 11:52:06.943root 11241100x80000000000000007211826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9489d216efb30f32021-12-23 11:52:06.943root 11241100x80000000000000007211827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a907aa9be4bd0e2021-12-23 11:52:06.943root 11241100x80000000000000007211828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86e513055b9d7e62021-12-23 11:52:06.943root 11241100x80000000000000007211829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adbb5f72678528d2021-12-23 11:52:06.943root 11241100x80000000000000007211830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5575868949d400392021-12-23 11:52:06.944root 11241100x80000000000000007211831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20190dd32526cfb12021-12-23 11:52:06.944root 11241100x80000000000000007211832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8942bdf47ee06ff2021-12-23 11:52:06.944root 11241100x80000000000000007211833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bed6b0f614758b52021-12-23 11:52:06.944root 11241100x80000000000000007211834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c90d7df2af3c782021-12-23 11:52:06.944root 11241100x80000000000000007211835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e915cd52a8b52f2021-12-23 11:52:06.944root 11241100x80000000000000007211836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096f359b3586badd2021-12-23 11:52:06.944root 11241100x80000000000000007211837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc810117c099dc6d2021-12-23 11:52:06.944root 11241100x80000000000000007211838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8eeba14e8e668962021-12-23 11:52:06.944root 11241100x8000000000000000