11241100x80000000000000007210795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:15.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f07d44a96892bd2021-12-23 11:51:15.192root 11241100x80000000000000007210796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:15.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bd1e52cdcd1c862021-12-23 11:51:15.692root 11241100x80000000000000007210797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:16.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a331e82eb864e1072021-12-23 11:51:16.192root 11241100x80000000000000007210798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:16.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e468305ac018ba252021-12-23 11:51:16.692root 354300x80000000000000007210799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:17.011{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33752-false10.0.1.12-8000- 11241100x80000000000000007210800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:17.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11f914ad92738682021-12-23 11:51:17.012root 11241100x80000000000000007210801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:17.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2012092ccab34be2021-12-23 11:51:17.442root 11241100x80000000000000007210802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe27e6b484e5e5282021-12-23 11:51:17.443root 11241100x80000000000000007210803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:17.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a535e7e023506b662021-12-23 11:51:17.942root 11241100x80000000000000007210804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ee1381e2fe16ad2021-12-23 11:51:17.943root 11241100x80000000000000007210805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:18.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae19adebc7a770d02021-12-23 11:51:18.442root 11241100x80000000000000007210806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6260e79ad0e8ad0e2021-12-23 11:51:18.443root 11241100x80000000000000007210807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:18.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c062c5b3c1336fc52021-12-23 11:51:18.942root 11241100x80000000000000007210808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:18.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ede8fbe55d49722021-12-23 11:51:18.942root 11241100x80000000000000007210809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:19.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d0d6292d0933092021-12-23 11:51:19.442root 11241100x80000000000000007210810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:19.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36c5082df2fce8d2021-12-23 11:51:19.442root 11241100x80000000000000007210811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:19.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f60ee5dee0f5ca2021-12-23 11:51:19.942root 11241100x80000000000000007210812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:19.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3499353bbe02002021-12-23 11:51:19.942root 11241100x80000000000000007210813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:20.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42686e7ce01f48812021-12-23 11:51:20.442root 11241100x80000000000000007210814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:20.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc692a9cce2e03002021-12-23 11:51:20.442root 11241100x80000000000000007210815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c579f46058a26da82021-12-23 11:51:20.943root 11241100x80000000000000007210816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8362d1a4c11d989e2021-12-23 11:51:20.943root 11241100x80000000000000007210817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:21.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9723cda8dd2137842021-12-23 11:51:21.442root 11241100x80000000000000007210818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:21.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f25bc8374051092021-12-23 11:51:21.442root 11241100x80000000000000007210819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:21.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca4d9d761feb2b12021-12-23 11:51:21.942root 11241100x80000000000000007210820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a4395e9e696fd12021-12-23 11:51:21.943root 354300x80000000000000007210821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:22.134{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33754-false10.0.1.12-8000- 11241100x80000000000000007210822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:22.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c800c7dbcbebada42021-12-23 11:51:22.442root 11241100x80000000000000007210823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad0b48ec9b6147c2021-12-23 11:51:22.443root 11241100x80000000000000007210824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05951485449d2da92021-12-23 11:51:22.443root 11241100x80000000000000007210825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:22.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6a5b17e8c889f92021-12-23 11:51:22.942root 11241100x80000000000000007210826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a10d4dccced900f2021-12-23 11:51:22.943root 11241100x80000000000000007210827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e473b2b3c21615a72021-12-23 11:51:22.943root 11241100x80000000000000007210828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:23.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4b01921e5181502021-12-23 11:51:23.442root 11241100x80000000000000007210829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c392a6153ee9672021-12-23 11:51:23.443root 11241100x80000000000000007210830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc555724bc6c63572021-12-23 11:51:23.443root 11241100x80000000000000007210831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:23.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f97a28d4891d422021-12-23 11:51:23.942root 11241100x80000000000000007210832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c6d91df3e31c952021-12-23 11:51:23.943root 11241100x80000000000000007210833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee45e6a31793fc12021-12-23 11:51:23.943root 11241100x80000000000000007210834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:24.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84976ee2459550bf2021-12-23 11:51:24.442root 11241100x80000000000000007210835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a29abcc703657b2021-12-23 11:51:24.443root 11241100x80000000000000007210836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a95c94b228dc232021-12-23 11:51:24.443root 11241100x80000000000000007210837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:24.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1473a10809c1f2402021-12-23 11:51:24.942root 11241100x80000000000000007210838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1aa818ddcb2ef32021-12-23 11:51:24.943root 11241100x80000000000000007210839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a402bbb95c7b1d02021-12-23 11:51:24.943root 11241100x80000000000000007210840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:25.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7654fb6632a01b982021-12-23 11:51:25.442root 11241100x80000000000000007210841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb27a77e4afa2af62021-12-23 11:51:25.443root 11241100x80000000000000007210842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887442bd5f6330f12021-12-23 11:51:25.443root 11241100x80000000000000007210843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:25.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e412bae2935dd772021-12-23 11:51:25.942root 11241100x80000000000000007210844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a30f6ae8a71c142021-12-23 11:51:25.943root 11241100x80000000000000007210845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6145f39ea5cf61fe2021-12-23 11:51:25.943root 11241100x80000000000000007210846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:26.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e0fd77448f85422021-12-23 11:51:26.442root 11241100x80000000000000007210847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f6c66b41a3e0392021-12-23 11:51:26.443root 11241100x80000000000000007210848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc88de16748727d2021-12-23 11:51:26.443root 11241100x80000000000000007210849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:26.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fa98cf93c1ee042021-12-23 11:51:26.942root 11241100x80000000000000007210850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7c18a7894aea2b2021-12-23 11:51:26.943root 11241100x80000000000000007210851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed151eab20407362021-12-23 11:51:26.943root 354300x80000000000000007210852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.207{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33756-false10.0.1.12-8000- 11241100x80000000000000007210853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eacc7a96be05dd62021-12-23 11:51:27.208root 11241100x80000000000000007210854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfa2040633fa5df2021-12-23 11:51:27.208root 11241100x80000000000000007210855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d8fb8676140e852021-12-23 11:51:27.208root 11241100x80000000000000007210856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fb42c1cfc081852021-12-23 11:51:27.208root 11241100x80000000000000007210857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df2622fe930294c2021-12-23 11:51:27.692root 11241100x80000000000000007210858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dc778ece799d3d2021-12-23 11:51:27.693root 11241100x80000000000000007210859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3912f596073e648d2021-12-23 11:51:27.693root 11241100x80000000000000007210860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d89e5c953178a32021-12-23 11:51:27.693root 11241100x80000000000000007210861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:28.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e64337cdf1e38232021-12-23 11:51:28.192root 11241100x80000000000000007210862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b53ae994f7446a2021-12-23 11:51:28.193root 11241100x80000000000000007210863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b870ea40668c51d2021-12-23 11:51:28.193root 11241100x80000000000000007210864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c3920bf726e6582021-12-23 11:51:28.193root 11241100x80000000000000007210865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:28.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb577273416a68e62021-12-23 11:51:28.692root 11241100x80000000000000007210866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ede73e62a335992021-12-23 11:51:28.693root 11241100x80000000000000007210867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a528ba9d3b440e2021-12-23 11:51:28.693root 11241100x80000000000000007210868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34961fb063b8377f2021-12-23 11:51:28.693root 11241100x80000000000000007210869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26a523b96742f692021-12-23 11:51:29.193root 11241100x80000000000000007210870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24d831b97af23322021-12-23 11:51:29.193root 11241100x80000000000000007210871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61df2f1f4a2e997d2021-12-23 11:51:29.193root 11241100x80000000000000007210872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b2b90094f5749d2021-12-23 11:51:29.193root 11241100x80000000000000007210873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:29.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e750cc64b309e4c42021-12-23 11:51:29.692root 11241100x80000000000000007210874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8accebc8f37f8f2021-12-23 11:51:29.693root 11241100x80000000000000007210875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511f5b9c7442b2662021-12-23 11:51:29.693root 11241100x80000000000000007210876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09c0fe957eec24f2021-12-23 11:51:29.693root 11241100x80000000000000007210877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-23 11:51:30.142root 11241100x80000000000000007210878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532406f65b7e24382021-12-23 11:51:30.143root 11241100x80000000000000007210879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada6ac0d41d66b072021-12-23 11:51:30.143root 11241100x80000000000000007210880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b296928b714ee02021-12-23 11:51:30.143root 11241100x80000000000000007210881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bd4461938d3eb02021-12-23 11:51:30.144root 11241100x80000000000000007210882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f9b049dd5370652021-12-23 11:51:30.144root 11241100x80000000000000007210883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c076df60508c170d2021-12-23 11:51:30.443root 11241100x80000000000000007210884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9352f73f134bfc432021-12-23 11:51:30.443root 11241100x80000000000000007210885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ebf76f835699312021-12-23 11:51:30.443root 11241100x80000000000000007210886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86b3b3308d6e3c52021-12-23 11:51:30.443root 11241100x80000000000000007210887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c38a09fb3bc62b2021-12-23 11:51:30.443root 11241100x80000000000000007210888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb33c90157001d8b2021-12-23 11:51:30.942root 11241100x80000000000000007210889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0089efdbffcaebf2021-12-23 11:51:30.943root 11241100x80000000000000007210890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac0b4acee24004a2021-12-23 11:51:30.943root 11241100x80000000000000007210891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58261cd02c5486552021-12-23 11:51:30.943root 11241100x80000000000000007210892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584542aa66fa05b62021-12-23 11:51:30.943root 154100x80000000000000007210893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.060{ec2b6afe-62c3-61c4-68c4-da44e5550000}5072/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x80000000000000007210894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.071{ec2b6afe-62c3-61c4-68c4-da44e5550000}5072/bin/psroot 11241100x80000000000000007210895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf4c05b927e24792021-12-23 11:51:31.443root 11241100x80000000000000007210896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b762b4e2ba39ca3b2021-12-23 11:51:31.443root 11241100x80000000000000007210897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ef631a3c81839b2021-12-23 11:51:31.443root 11241100x80000000000000007210898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77feb2a05e6213d2021-12-23 11:51:31.443root 11241100x80000000000000007210899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370547b80927e1832021-12-23 11:51:31.443root 11241100x80000000000000007210900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a7e06d7de0f49b2021-12-23 11:51:31.443root 11241100x80000000000000007210901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5591cd8ae35b0af42021-12-23 11:51:31.443root 11241100x80000000000000007210902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa9fd0455de96e82021-12-23 11:51:31.943root 11241100x80000000000000007210903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1df3865976656282021-12-23 11:51:31.943root 11241100x80000000000000007210904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eeadc1bebc7ef372021-12-23 11:51:31.943root 11241100x80000000000000007210905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5849f976f7727a2021-12-23 11:51:31.943root 11241100x80000000000000007210906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c887755abf09a3d32021-12-23 11:51:31.943root 11241100x80000000000000007210907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f4afc1e6493c402021-12-23 11:51:31.943root 11241100x80000000000000007210908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fb145b9511a3f42021-12-23 11:51:31.943root 11241100x80000000000000007210909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada2a905b88def512021-12-23 11:51:32.443root 11241100x80000000000000007210910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6318d7b4f1b70a092021-12-23 11:51:32.443root 11241100x80000000000000007210911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b048e59b09cb3a2021-12-23 11:51:32.443root 11241100x80000000000000007210912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec69a365640df442021-12-23 11:51:32.443root 11241100x80000000000000007210913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd501fd9c0c574a2021-12-23 11:51:32.443root 11241100x80000000000000007210914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c57f89ea02af3b2021-12-23 11:51:32.443root 11241100x80000000000000007210915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4818b0e76404faba2021-12-23 11:51:32.443root 11241100x80000000000000007210916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6932581a43d13dc2021-12-23 11:51:32.943root 11241100x80000000000000007210917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695faaec1eb3ee102021-12-23 11:51:32.943root 11241100x80000000000000007210918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e60d3b3f4db7302021-12-23 11:51:32.943root 11241100x80000000000000007210919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddd11caf9d738532021-12-23 11:51:32.943root 11241100x80000000000000007210920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc96ae45515a18c22021-12-23 11:51:32.943root 11241100x80000000000000007210921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7cacf42dcfc43f2021-12-23 11:51:32.943root 11241100x80000000000000007210922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82715b6c4c6e2912021-12-23 11:51:32.943root 23542300x80000000000000007210923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000007210924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.161{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33758-false10.0.1.12-8000- 11241100x80000000000000007210925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b9c650b99022a12021-12-23 11:51:33.443root 11241100x80000000000000007210926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93da47e8b96df28b2021-12-23 11:51:33.443root 11241100x80000000000000007210927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097eeeeda6ddd7722021-12-23 11:51:33.443root 11241100x80000000000000007210928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e0d2b50086af112021-12-23 11:51:33.443root 11241100x80000000000000007210929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3615cb8c7765979a2021-12-23 11:51:33.443root 11241100x80000000000000007210930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c493ab51e265bd02021-12-23 11:51:33.443root 11241100x80000000000000007210931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1706b9944340022021-12-23 11:51:33.443root 11241100x80000000000000007210932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f2e705e58fe2592021-12-23 11:51:33.443root 11241100x80000000000000007210933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cdef7acfb4e6f62021-12-23 11:51:33.443root 11241100x80000000000000007210934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72d2c7c626112962021-12-23 11:51:33.943root 11241100x80000000000000007210935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a145ec473d563b2021-12-23 11:51:33.943root 11241100x80000000000000007210936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d5a5aa07ce12c72021-12-23 11:51:33.943root 11241100x80000000000000007210937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dad2d1cc0c35d82021-12-23 11:51:33.943root 11241100x80000000000000007210938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153ba432588ac4b82021-12-23 11:51:33.943root 11241100x80000000000000007210939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7e5b5c6ec24c8f2021-12-23 11:51:33.943root 11241100x80000000000000007210940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfa98bb44e066312021-12-23 11:51:33.943root 11241100x80000000000000007210941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68248ac53e87cd6e2021-12-23 11:51:33.943root 11241100x80000000000000007210942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153fabfafdcf72b92021-12-23 11:51:33.943root 11241100x80000000000000007210943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e004f65e70a1e192021-12-23 11:51:34.443root 11241100x80000000000000007210944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c239687112aa752c2021-12-23 11:51:34.443root 11241100x80000000000000007210945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17612ffe36bfe7b32021-12-23 11:51:34.443root 11241100x80000000000000007210946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70564d56403f0f912021-12-23 11:51:34.443root 11241100x80000000000000007210947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c58a0735e7442582021-12-23 11:51:34.443root 11241100x80000000000000007210948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08169be614102d082021-12-23 11:51:34.443root 11241100x80000000000000007210949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9b2a54b67f2e1a2021-12-23 11:51:34.443root 11241100x80000000000000007210950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a7fab484e411a52021-12-23 11:51:34.444root 11241100x80000000000000007210951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7c49ad7ee852692021-12-23 11:51:34.444root 11241100x80000000000000007210952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24495a19c4c1994b2021-12-23 11:51:34.943root 11241100x80000000000000007210953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43543db68da201d82021-12-23 11:51:34.943root 11241100x80000000000000007210954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6222921fe8bb2fb92021-12-23 11:51:34.943root 11241100x80000000000000007210955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dd3e09c2e785062021-12-23 11:51:34.943root 11241100x80000000000000007210956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a300efbd4b0c222021-12-23 11:51:34.943root 11241100x80000000000000007210957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5260e452659b1962021-12-23 11:51:34.943root 11241100x80000000000000007210958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafb4b8421e718772021-12-23 11:51:34.943root 11241100x80000000000000007210959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadfdc1a600910092021-12-23 11:51:34.944root 11241100x80000000000000007210960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbbc4ea37a4134d2021-12-23 11:51:34.944root 11241100x80000000000000007210961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f66e6689c457662021-12-23 11:51:35.443root 11241100x80000000000000007210962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7124fc30267d6f3b2021-12-23 11:51:35.443root 11241100x80000000000000007210963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc1d2006a9939cd2021-12-23 11:51:35.443root 11241100x80000000000000007210964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ee2f5ca1099d842021-12-23 11:51:35.443root 11241100x80000000000000007210965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21169e60092925512021-12-23 11:51:35.443root 11241100x80000000000000007210966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4097146141ec1e512021-12-23 11:51:35.443root 11241100x80000000000000007210967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60cb9fe8519b3ab2021-12-23 11:51:35.443root 11241100x80000000000000007210968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50226cce0e57ac662021-12-23 11:51:35.444root 11241100x80000000000000007210969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920d1fe41a67f55b2021-12-23 11:51:35.444root 11241100x80000000000000007210970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78baad84d4164432021-12-23 11:51:35.943root 11241100x80000000000000007210971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4698f9e66a4262c62021-12-23 11:51:35.943root 11241100x80000000000000007210972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58f02c385059e722021-12-23 11:51:35.943root 11241100x80000000000000007210973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f36705afa14d9042021-12-23 11:51:35.943root 11241100x80000000000000007210974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6087df2e48f9522021-12-23 11:51:35.943root 11241100x80000000000000007210975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a9f46e7fac462d2021-12-23 11:51:35.943root 11241100x80000000000000007210976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa50744407ec405e2021-12-23 11:51:35.943root 11241100x80000000000000007210977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac9a88ce647f9342021-12-23 11:51:35.943root 11241100x80000000000000007210978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080a756dfd52ab332021-12-23 11:51:35.943root 11241100x80000000000000007210979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462f49644b33aee62021-12-23 11:51:36.443root 11241100x80000000000000007210980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8956715019b692f2021-12-23 11:51:36.443root 11241100x80000000000000007210981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc10755bf2417a12021-12-23 11:51:36.443root 11241100x80000000000000007210982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35779397c25878d2021-12-23 11:51:36.443root 11241100x80000000000000007210983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c6c64aa9528e412021-12-23 11:51:36.443root 11241100x80000000000000007210984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a012a28c93cd3f2021-12-23 11:51:36.443root 11241100x80000000000000007210985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d9475b4fcba0ec2021-12-23 11:51:36.443root 11241100x80000000000000007210986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14b1c3523d237622021-12-23 11:51:36.444root 11241100x80000000000000007210987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baabae8bb6438fdb2021-12-23 11:51:36.444root 11241100x80000000000000007210988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94cd0c1b532f9472021-12-23 11:51:36.943root 11241100x80000000000000007210989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f23573d6eca4a6e2021-12-23 11:51:36.943root 11241100x80000000000000007210990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded579360fda2d842021-12-23 11:51:36.943root 11241100x80000000000000007210991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0a59cc990d9ac82021-12-23 11:51:36.943root 11241100x80000000000000007210992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f5aafa3038d8b82021-12-23 11:51:36.943root 11241100x80000000000000007210993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001df78b93a7ada02021-12-23 11:51:36.943root 11241100x80000000000000007210994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767bae1359b807dc2021-12-23 11:51:36.943root 11241100x80000000000000007210995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f63ac781622a732021-12-23 11:51:36.944root 11241100x80000000000000007210996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175365a802680d912021-12-23 11:51:36.944root 11241100x80000000000000007210997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968dc2f03043d6332021-12-23 11:51:37.443root 11241100x80000000000000007210998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b1a880a80ada352021-12-23 11:51:37.443root 11241100x80000000000000007210999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2007601d79d7c3f62021-12-23 11:51:37.443root 11241100x80000000000000007211000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6988a1070d1b60372021-12-23 11:51:37.443root 11241100x80000000000000007211001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29109523f0ffcd5b2021-12-23 11:51:37.443root 11241100x80000000000000007211002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e235a4134765b582021-12-23 11:51:37.443root 11241100x80000000000000007211003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140121913cec8d4d2021-12-23 11:51:37.443root 11241100x80000000000000007211004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2ebf7cf633eccd2021-12-23 11:51:37.444root 11241100x80000000000000007211005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b0cc8d538b0f992021-12-23 11:51:37.444root 11241100x80000000000000007211006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5109dac0a7fd6b222021-12-23 11:51:37.943root 11241100x80000000000000007211007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b7d11d612f2da02021-12-23 11:51:37.943root 11241100x80000000000000007211008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5335b78d639284d62021-12-23 11:51:37.943root 11241100x80000000000000007211009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5123320e9940bd32021-12-23 11:51:37.943root 11241100x80000000000000007211010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768880d4663d57642021-12-23 11:51:37.943root 11241100x80000000000000007211011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2eefb626feef9b92021-12-23 11:51:37.943root 11241100x80000000000000007211012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882725d438ba2a872021-12-23 11:51:37.943root 11241100x80000000000000007211013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034b6af41157a8f42021-12-23 11:51:37.943root 11241100x80000000000000007211014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fbff228b9a2f1b2021-12-23 11:51:37.944root 11241100x80000000000000007211015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b169ff928f19cd2021-12-23 11:51:38.443root 11241100x80000000000000007211016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd06fe0df8499bfe2021-12-23 11:51:38.443root 11241100x80000000000000007211017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2796b1f9efc5f712021-12-23 11:51:38.443root 11241100x80000000000000007211018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fff35d36d243772021-12-23 11:51:38.443root 11241100x80000000000000007211019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d5d42a265c95722021-12-23 11:51:38.443root 11241100x80000000000000007211020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa93343a9b4e05012021-12-23 11:51:38.443root 11241100x80000000000000007211021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0a975076e3e7182021-12-23 11:51:38.444root 11241100x80000000000000007211022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7655271b5ee5972021-12-23 11:51:38.444root 11241100x80000000000000007211023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652ad2ec33001bb92021-12-23 11:51:38.444root 11241100x80000000000000007211024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1725f8993a284a2021-12-23 11:51:38.943root 11241100x80000000000000007211025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5617ed20dd1ace6e2021-12-23 11:51:38.943root 11241100x80000000000000007211026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96218414812fc3572021-12-23 11:51:38.944root 11241100x80000000000000007211027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dbee488fd8c9ad2021-12-23 11:51:38.944root 11241100x80000000000000007211028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d32c92ac2b183d72021-12-23 11:51:38.945root 11241100x80000000000000007211029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e089ca98a5ca89762021-12-23 11:51:38.945root 11241100x80000000000000007211030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd5588336e0c5032021-12-23 11:51:38.945root 11241100x80000000000000007211031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b630c45a812d1a2021-12-23 11:51:38.945root 11241100x80000000000000007211032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbaad79dc33e2102021-12-23 11:51:38.945root 354300x80000000000000007211033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.094{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33760-false10.0.1.12-8000- 11241100x80000000000000007211034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa4c25e81da4c7e2021-12-23 11:51:39.443root 11241100x80000000000000007211035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d7f9f2d6b530e42021-12-23 11:51:39.443root 11241100x80000000000000007211036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003557eddb448e262021-12-23 11:51:39.443root 11241100x80000000000000007211037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ddad44ea5dee662021-12-23 11:51:39.443root 11241100x80000000000000007211038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135ede6861e1dfba2021-12-23 11:51:39.443root 11241100x80000000000000007211039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ecd75b65abae312021-12-23 11:51:39.443root 11241100x80000000000000007211040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dfab92d962e1c12021-12-23 11:51:39.443root 11241100x80000000000000007211041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b86477fcf062f962021-12-23 11:51:39.443root 11241100x80000000000000007211042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fe9e55b26744602021-12-23 11:51:39.444root 11241100x80000000000000007211043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7e702d615601822021-12-23 11:51:39.444root 11241100x80000000000000007211044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25adda7e49bf43782021-12-23 11:51:39.943root 11241100x80000000000000007211045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cbf027e398f3572021-12-23 11:51:39.943root 11241100x80000000000000007211046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a6815a22d8e8382021-12-23 11:51:39.943root 11241100x80000000000000007211047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b790161625399942021-12-23 11:51:39.943root 11241100x80000000000000007211048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d02f81c22119da82021-12-23 11:51:39.943root 11241100x80000000000000007211049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61fd03127863b792021-12-23 11:51:39.943root 11241100x80000000000000007211050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb3cd6ffa9942e82021-12-23 11:51:39.943root 11241100x80000000000000007211051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56116cc85d15b3202021-12-23 11:51:39.943root 11241100x80000000000000007211052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db623ef41a689f92021-12-23 11:51:39.944root 11241100x80000000000000007211053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974d103467d4434e2021-12-23 11:51:39.944root 11241100x80000000000000007211054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bc12f8d14a7c812021-12-23 11:51:40.443root 11241100x80000000000000007211055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0401dc05669bef172021-12-23 11:51:40.443root 11241100x80000000000000007211056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dd53079dc442c42021-12-23 11:51:40.443root 11241100x80000000000000007211057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef3315834ef05a42021-12-23 11:51:40.443root 11241100x80000000000000007211058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a7bbc481de0e5b2021-12-23 11:51:40.443root 11241100x80000000000000007211059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8813e47aff42462021-12-23 11:51:40.443root 11241100x80000000000000007211060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb42ce45236d64e2021-12-23 11:51:40.444root 11241100x80000000000000007211061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b12da3dfa9cbaf2021-12-23 11:51:40.444root 11241100x80000000000000007211062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a7580c9e1a1e3a2021-12-23 11:51:40.444root 11241100x80000000000000007211063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10206590495bff22021-12-23 11:51:40.444root 11241100x80000000000000007211064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9e2be3e688c4e62021-12-23 11:51:40.943root 11241100x80000000000000007211065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c198989b70b3d92021-12-23 11:51:40.943root 11241100x80000000000000007211066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e551a75ff1f926b42021-12-23 11:51:40.944root 11241100x80000000000000007211067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2099f2f1d897528d2021-12-23 11:51:40.944root 11241100x80000000000000007211068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fe8f35614823002021-12-23 11:51:40.944root 11241100x80000000000000007211069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2931c78063bfb9322021-12-23 11:51:40.944root 11241100x80000000000000007211070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ba8e8a75a8710f2021-12-23 11:51:40.944root 11241100x80000000000000007211071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e039a9b17c73734d2021-12-23 11:51:40.944root 11241100x80000000000000007211072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42198592206361242021-12-23 11:51:40.944root 11241100x80000000000000007211073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55362d15d57aecef2021-12-23 11:51:40.944root 11241100x80000000000000007211074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4ba2279c5253fe2021-12-23 11:51:41.443root 11241100x80000000000000007211075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01f1a0c3053be082021-12-23 11:51:41.443root 11241100x80000000000000007211076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd72082516cc7f4c2021-12-23 11:51:41.443root 11241100x80000000000000007211077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4745f6f883a7a42021-12-23 11:51:41.443root 11241100x80000000000000007211078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f307ef37147d50f42021-12-23 11:51:41.443root 11241100x80000000000000007211079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14ece40c08c17052021-12-23 11:51:41.443root 11241100x80000000000000007211080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da24f53d97c014292021-12-23 11:51:41.443root 11241100x80000000000000007211081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0baaa4a8ba0d9d6e2021-12-23 11:51:41.443root 11241100x80000000000000007211082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a8500b970e8e3f2021-12-23 11:51:41.444root 11241100x80000000000000007211083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52258e227a978ef82021-12-23 11:51:41.444root 11241100x80000000000000007211084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da729c83e428e4dd2021-12-23 11:51:41.943root 11241100x80000000000000007211085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc287f876d2417692021-12-23 11:51:41.943root 11241100x80000000000000007211086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a3e0f7d7753ab72021-12-23 11:51:41.943root 11241100x80000000000000007211087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f84eac6fd303b1c2021-12-23 11:51:41.943root 11241100x80000000000000007211088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e0e8928b1a769b2021-12-23 11:51:41.943root 11241100x80000000000000007211089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a11015bc191cc0b2021-12-23 11:51:41.943root 11241100x80000000000000007211090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8b6b62056a87692021-12-23 11:51:41.943root 11241100x80000000000000007211091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1de6648d3089822021-12-23 11:51:41.943root 11241100x80000000000000007211092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2ce2ee20d9fb652021-12-23 11:51:41.943root 11241100x80000000000000007211093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efbb36bd784ddb62021-12-23 11:51:41.943root 354300x80000000000000007211094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:41.996{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-49058-false10.0.1.12-8089- 11241100x80000000000000007211095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0fce854c5669542021-12-23 11:51:42.443root 11241100x80000000000000007211096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4645195bc86bd5af2021-12-23 11:51:42.443root 11241100x80000000000000007211097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c2f2122766ccf52021-12-23 11:51:42.443root 11241100x80000000000000007211098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95164b918e6a6b002021-12-23 11:51:42.443root 11241100x80000000000000007211099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5fca96fb4a52132021-12-23 11:51:42.443root 11241100x80000000000000007211100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3dd405084d4a212021-12-23 11:51:42.443root 11241100x80000000000000007211101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc800ebbe5a181eb2021-12-23 11:51:42.443root 11241100x80000000000000007211102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaca093d609c4dcc2021-12-23 11:51:42.444root 11241100x80000000000000007211103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e493a8ff37f476512021-12-23 11:51:42.444root 11241100x80000000000000007211104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4302dbea55633d52021-12-23 11:51:42.444root 11241100x80000000000000007211105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99aa3295e928f2dc2021-12-23 11:51:42.444root 11241100x80000000000000007211106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0557ed0a6d2d3862021-12-23 11:51:42.943root 11241100x80000000000000007211107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f9c4e292ea9e642021-12-23 11:51:42.943root 11241100x80000000000000007211108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e250adfc64e4cccb2021-12-23 11:51:42.943root 11241100x80000000000000007211109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6c7fc1562af8682021-12-23 11:51:42.943root 11241100x80000000000000007211110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1ed329fa10e9a82021-12-23 11:51:42.943root 11241100x80000000000000007211111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b52fd5c6e3e397d2021-12-23 11:51:42.943root 11241100x80000000000000007211112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b879ad5cea302fd2021-12-23 11:51:42.943root 11241100x80000000000000007211113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede41e59222eec712021-12-23 11:51:42.944root 11241100x80000000000000007211114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaff328299cae712021-12-23 11:51:42.944root 11241100x80000000000000007211115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b114c77232d2aa0d2021-12-23 11:51:42.944root 11241100x80000000000000007211116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ca1f29fb8a81162021-12-23 11:51:42.944root 11241100x80000000000000007211117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13dcfebaf27deb22021-12-23 11:51:43.443root 11241100x80000000000000007211118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8102ae3c776cbe502021-12-23 11:51:43.443root 11241100x80000000000000007211119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d0a7af3d3234712021-12-23 11:51:43.443root 11241100x80000000000000007211120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecab51ae4d601032021-12-23 11:51:43.443root 11241100x80000000000000007211121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6ba9c2cd84356d2021-12-23 11:51:43.443root 11241100x80000000000000007211122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed8fd83a3ea8d762021-12-23 11:51:43.443root 11241100x80000000000000007211123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdf5b459d7a97112021-12-23 11:51:43.443root 11241100x80000000000000007211124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91fad45ba3b95c62021-12-23 11:51:43.444root 11241100x80000000000000007211125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb868f32d6b0e602021-12-23 11:51:43.444root 11241100x80000000000000007211126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9041dc43c5ad8f2021-12-23 11:51:43.444root 11241100x80000000000000007211127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a05efb1cfc0a2132021-12-23 11:51:43.444root 11241100x80000000000000007211128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb8c00591a2efc02021-12-23 11:51:43.943root 11241100x80000000000000007211129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e29da01de4bbfce2021-12-23 11:51:43.943root 11241100x80000000000000007211130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48652196b9c518f62021-12-23 11:51:43.943root 11241100x80000000000000007211131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01cb05bbcf02b852021-12-23 11:51:43.943root 11241100x80000000000000007211132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32fda2c59d81e272021-12-23 11:51:43.943root 11241100x80000000000000007211133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec8e59715001ee22021-12-23 11:51:43.943root 11241100x80000000000000007211134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff7e392245708952021-12-23 11:51:43.943root 11241100x80000000000000007211135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f084455e245b4a102021-12-23 11:51:43.944root 11241100x80000000000000007211136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeeee76958e145c92021-12-23 11:51:43.944root 11241100x80000000000000007211137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dabc67750c06d392021-12-23 11:51:43.944root 11241100x80000000000000007211138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d9476c39e2f2b82021-12-23 11:51:43.944root 354300x80000000000000007211139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.218{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33764-false10.0.1.12-8000- 11241100x80000000000000007211140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e04482728259d12021-12-23 11:51:44.219root 11241100x80000000000000007211141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9075ec9cbd41d9d32021-12-23 11:51:44.219root 11241100x80000000000000007211142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f21956d476783862021-12-23 11:51:44.219root 11241100x80000000000000007211143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd68f20191849cf2021-12-23 11:51:44.219root 11241100x80000000000000007211144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111d44667368997b2021-12-23 11:51:44.219root 11241100x80000000000000007211145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbb512bcc3406ba2021-12-23 11:51:44.219root 11241100x80000000000000007211146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696aa201983480f12021-12-23 11:51:44.219root 11241100x80000000000000007211147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6934152e62bf1842021-12-23 11:51:44.220root 11241100x80000000000000007211148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def74e5af19d6e852021-12-23 11:51:44.220root 11241100x80000000000000007211149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63846fecbaea378e2021-12-23 11:51:44.220root 11241100x80000000000000007211150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6affaa60b0dfbeb22021-12-23 11:51:44.220root 11241100x80000000000000007211151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabf0bf337662cfb2021-12-23 11:51:44.220root 11241100x80000000000000007211152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70706bbd89aefa5f2021-12-23 11:51:44.220root 11241100x80000000000000007211153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbb162a63b7a3c32021-12-23 11:51:44.220root 11241100x80000000000000007211154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9aa921f11c0bd62021-12-23 11:51:44.220root 11241100x80000000000000007211155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6009f1964b1654a32021-12-23 11:51:44.693root 11241100x80000000000000007211156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc005f93e1f63392021-12-23 11:51:44.693root 11241100x80000000000000007211157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa61a21f8c0aa302021-12-23 11:51:44.693root 11241100x80000000000000007211158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07fcee7b9cd8b1f2021-12-23 11:51:44.693root 11241100x80000000000000007211159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fdb8c01ac316d32021-12-23 11:51:44.693root 11241100x80000000000000007211160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39d2a746accf2c12021-12-23 11:51:44.693root 11241100x80000000000000007211161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb35c30a2ab1df162021-12-23 11:51:44.694root 11241100x80000000000000007211162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd26db768ba84c32021-12-23 11:51:44.694root 11241100x80000000000000007211163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c76cbd24e53b9812021-12-23 11:51:44.694root 11241100x80000000000000007211164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d08660f1fae1b12021-12-23 11:51:44.694root 11241100x80000000000000007211165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88da0121511d83d52021-12-23 11:51:44.694root 11241100x80000000000000007211166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c498b6353f9adb82021-12-23 11:51:44.694root 11241100x80000000000000007211167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1e5c4a62f4b31d2021-12-23 11:51:45.193root 11241100x80000000000000007211168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a740111acaa7e47c2021-12-23 11:51:45.193root 11241100x80000000000000007211169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536d03e14ceca0c22021-12-23 11:51:45.193root 11241100x80000000000000007211170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593023136a05cf632021-12-23 11:51:45.193root 11241100x80000000000000007211171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b214966a1a2432cf2021-12-23 11:51:45.193root 11241100x80000000000000007211172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d344cbcd103fff2021-12-23 11:51:45.193root 11241100x80000000000000007211173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393858ec7ed62ed62021-12-23 11:51:45.193root 11241100x80000000000000007211174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab1424445f6ae022021-12-23 11:51:45.194root 11241100x80000000000000007211175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d366af418b4873d2021-12-23 11:51:45.194root 11241100x80000000000000007211176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de162a6df1615c032021-12-23 11:51:45.194root 11241100x80000000000000007211177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59019ab84506a0392021-12-23 11:51:45.194root 11241100x80000000000000007211178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5460d40cbbca602021-12-23 11:51:45.194root 11241100x80000000000000007211179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b534d8f16febcf2021-12-23 11:51:45.693root 11241100x80000000000000007211180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd95f6ac669abe522021-12-23 11:51:45.693root 11241100x80000000000000007211181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec12d7e950da88d42021-12-23 11:51:45.693root 11241100x80000000000000007211182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2209a81637dbcef02021-12-23 11:51:45.693root 11241100x80000000000000007211183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc536abb3eddeeb2021-12-23 11:51:45.693root 11241100x80000000000000007211184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1896e4be8c37e6e52021-12-23 11:51:45.693root 11241100x80000000000000007211185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfec9a2ed5d12bcb2021-12-23 11:51:45.693root 11241100x80000000000000007211186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d29122b3278a7a2021-12-23 11:51:45.694root 11241100x80000000000000007211187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e98809b94ec4ef2021-12-23 11:51:45.694root 11241100x80000000000000007211188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00a2fced4676c6d2021-12-23 11:51:45.694root 11241100x80000000000000007211189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625bf373f64f139d2021-12-23 11:51:45.694root 11241100x80000000000000007211190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4178d67a725adb5b2021-12-23 11:51:45.694root 11241100x80000000000000007211191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17a89c99fd8f6862021-12-23 11:51:46.193root 11241100x80000000000000007211192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d270c1b29a966f82021-12-23 11:51:46.193root 11241100x80000000000000007211193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6ee7e074de873b2021-12-23 11:51:46.193root 11241100x80000000000000007211194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b669e6706d2702962021-12-23 11:51:46.193root 11241100x80000000000000007211195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330f2112f632a99d2021-12-23 11:51:46.193root 11241100x80000000000000007211196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420ca909743e3fc82021-12-23 11:51:46.193root 11241100x80000000000000007211197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fa69a7ce580fb82021-12-23 11:51:46.193root 11241100x80000000000000007211198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea2a741928835272021-12-23 11:51:46.193root 11241100x80000000000000007211199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c642d0d7a2bf6fa92021-12-23 11:51:46.194root 11241100x80000000000000007211200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e78291e11c8a0072021-12-23 11:51:46.194root 11241100x80000000000000007211201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a99b4795a42a2772021-12-23 11:51:46.194root 11241100x80000000000000007211202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1184bb5af827ec2021-12-23 11:51:46.194root 11241100x80000000000000007211203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0e95a2ce2223be2021-12-23 11:51:46.693root 11241100x80000000000000007211204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003156ed1a09054c2021-12-23 11:51:46.693root 11241100x80000000000000007211205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677090d37e3820fa2021-12-23 11:51:46.693root 11241100x80000000000000007211206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a38f5150b989832021-12-23 11:51:46.693root 11241100x80000000000000007211207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51099f5c6a036892021-12-23 11:51:46.693root 11241100x80000000000000007211208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428e4315269534d62021-12-23 11:51:46.693root 11241100x80000000000000007211209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feab2389d254d0942021-12-23 11:51:46.693root 11241100x80000000000000007211210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20b5dba88ccd5752021-12-23 11:51:46.693root 11241100x80000000000000007211211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7403230008067e2021-12-23 11:51:46.694root 11241100x80000000000000007211212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb68d0c5978ae072021-12-23 11:51:46.694root 11241100x80000000000000007211213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7647bbede6761a9e2021-12-23 11:51:46.694root 11241100x80000000000000007211214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab28847ce5b7cfa02021-12-23 11:51:46.694root 11241100x80000000000000007211215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca87bcf0b8c6c9c82021-12-23 11:51:47.193root 11241100x80000000000000007211216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c274b290e1193902021-12-23 11:51:47.193root 11241100x80000000000000007211217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2036faa2892d00e2021-12-23 11:51:47.193root 11241100x80000000000000007211218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8026bf6d7c452ac92021-12-23 11:51:47.193root 11241100x80000000000000007211219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c999a595a799b10a2021-12-23 11:51:47.194root 11241100x80000000000000007211220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8a6cec7d0031652021-12-23 11:51:47.194root 11241100x80000000000000007211221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd613fe30b2016f2021-12-23 11:51:47.194root 11241100x80000000000000007211222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f572ba498608fd2021-12-23 11:51:47.194root 11241100x80000000000000007211223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5930bd96482765fb2021-12-23 11:51:47.194root 11241100x80000000000000007211224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612d84b276356f452021-12-23 11:51:47.194root 11241100x80000000000000007211225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3954be1d503c0d112021-12-23 11:51:47.194root 11241100x80000000000000007211226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653a0733a6a45c642021-12-23 11:51:47.195root 11241100x80000000000000007211227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408af4fd3f26aade2021-12-23 11:51:47.693root 11241100x80000000000000007211228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37fb1acc216aebf2021-12-23 11:51:47.693root 11241100x80000000000000007211229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6985c6eb6b8016492021-12-23 11:51:47.693root 11241100x80000000000000007211230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c429224dcf810b82021-12-23 11:51:47.693root 11241100x80000000000000007211231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceec32bd3f3ef0052021-12-23 11:51:47.693root 11241100x80000000000000007211232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0035ffc7185fab9a2021-12-23 11:51:47.693root 11241100x80000000000000007211233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83055a62e57b7472021-12-23 11:51:47.693root 11241100x80000000000000007211234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e3a7bc17964d632021-12-23 11:51:47.694root 11241100x80000000000000007211235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd949a383548f6db2021-12-23 11:51:47.694root 11241100x80000000000000007211236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b4a3858279b35e2021-12-23 11:51:47.694root 11241100x80000000000000007211237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9262c410f5d9d892021-12-23 11:51:47.694root 11241100x80000000000000007211238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9414eb6de16de5022021-12-23 11:51:47.694root 11241100x80000000000000007211239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096a1b97439455cd2021-12-23 11:51:48.193root 11241100x80000000000000007211240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb106f29635d2902021-12-23 11:51:48.193root 11241100x80000000000000007211241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8d952174f515592021-12-23 11:51:48.193root 11241100x80000000000000007211242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6ba133d1473bd12021-12-23 11:51:48.193root 11241100x80000000000000007211243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2205d96611d34d2021-12-23 11:51:48.193root 11241100x80000000000000007211244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e90eec08ed04622021-12-23 11:51:48.193root 11241100x80000000000000007211245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7eba9d564b38cd52021-12-23 11:51:48.194root 11241100x80000000000000007211246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ac22222d81f0032021-12-23 11:51:48.194root 11241100x80000000000000007211247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb9129a10ac68da2021-12-23 11:51:48.194root 11241100x80000000000000007211248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e859b65704ec3d2021-12-23 11:51:48.194root 11241100x80000000000000007211249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d471ebb0401edac2021-12-23 11:51:48.194root 11241100x80000000000000007211250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6d816b5e114d2c2021-12-23 11:51:48.194root 11241100x80000000000000007211251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4808e241e254de712021-12-23 11:51:48.693root 11241100x80000000000000007211252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029770ae28d9f8b92021-12-23 11:51:48.694root 11241100x80000000000000007211253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eaf8bdfb9bd6c42021-12-23 11:51:48.694root 11241100x80000000000000007211254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e28b8738084a032021-12-23 11:51:48.694root 11241100x80000000000000007211255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264f0f79742dd4be2021-12-23 11:51:48.694root 11241100x80000000000000007211256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7f3c40b4d4ba082021-12-23 11:51:48.694root 11241100x80000000000000007211257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13f59b1b4723d182021-12-23 11:51:48.694root 11241100x80000000000000007211258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af89140468acfd452021-12-23 11:51:48.694root 11241100x80000000000000007211259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58abe600d84a690d2021-12-23 11:51:48.694root 11241100x80000000000000007211260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15c83eaf7c2ebde2021-12-23 11:51:48.694root 11241100x80000000000000007211261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4750bc558b9829d02021-12-23 11:51:48.694root 11241100x80000000000000007211262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5c33e84ec95f412021-12-23 11:51:48.694root 11241100x80000000000000007211263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277866414ff925a82021-12-23 11:51:49.193root 11241100x80000000000000007211264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50dfd6bada722a282021-12-23 11:51:49.193root 11241100x80000000000000007211265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92da9f01ef49108c2021-12-23 11:51:49.193root 11241100x80000000000000007211266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f4a904f5a9c1c52021-12-23 11:51:49.193root 11241100x80000000000000007211267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa44c6a7ac1e2cb2021-12-23 11:51:49.193root 11241100x80000000000000007211268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15f44943afe1e032021-12-23 11:51:49.193root 11241100x80000000000000007211269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60633339e538cf542021-12-23 11:51:49.193root 11241100x80000000000000007211270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f1b5b426a6bba62021-12-23 11:51:49.193root 11241100x80000000000000007211271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e3b891498192f92021-12-23 11:51:49.194root 11241100x80000000000000007211272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24cfd15b0c343332021-12-23 11:51:49.194root 11241100x80000000000000007211273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5591ae8c4b97a4f82021-12-23 11:51:49.194root 11241100x80000000000000007211274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106f47e80735c76f2021-12-23 11:51:49.194root 11241100x80000000000000007211275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f2e293d7fccf552021-12-23 11:51:49.693root 11241100x80000000000000007211276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19a1dadd2b9902d2021-12-23 11:51:49.693root 11241100x80000000000000007211277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30f8119ca1597d52021-12-23 11:51:49.693root 11241100x80000000000000007211278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9653a831aba61ea72021-12-23 11:51:49.693root 11241100x80000000000000007211279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1139d00c781424b42021-12-23 11:51:49.693root 11241100x80000000000000007211280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd0994bf165bb462021-12-23 11:51:49.694root 11241100x80000000000000007211281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ba888c061993182021-12-23 11:51:49.694root 11241100x80000000000000007211282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e4ea7f33e717802021-12-23 11:51:49.694root 11241100x80000000000000007211283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9ec40eaaf6c2612021-12-23 11:51:49.694root 11241100x80000000000000007211284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300b552c3940d1a72021-12-23 11:51:49.694root 11241100x80000000000000007211285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afa0e71c862bbd72021-12-23 11:51:49.694root 11241100x80000000000000007211286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d219d15817b1842021-12-23 11:51:49.694root 354300x80000000000000007211287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.029{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33766-false10.0.1.12-8000- 11241100x80000000000000007211288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dec5b4ed0671e712021-12-23 11:51:50.030root 11241100x80000000000000007211289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c843b30de7dc212021-12-23 11:51:50.030root 11241100x80000000000000007211290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d1f95e7f576c592021-12-23 11:51:50.030root 11241100x80000000000000007211291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59772076d571df12021-12-23 11:51:50.030root 11241100x80000000000000007211292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e4e7f7df090a442021-12-23 11:51:50.030root 11241100x80000000000000007211293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526026b367acb2e42021-12-23 11:51:50.030root 11241100x80000000000000007211294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66624028171531902021-12-23 11:51:50.030root 11241100x80000000000000007211295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09925f106559ff42021-12-23 11:51:50.031root 11241100x80000000000000007211296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf00fcd9aa4b6b592021-12-23 11:51:50.031root 11241100x80000000000000007211297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93749a74766eb0692021-12-23 11:51:50.031root 11241100x80000000000000007211298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f2f60c5148edc22021-12-23 11:51:50.031root 11241100x80000000000000007211299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd1658344e1f2292021-12-23 11:51:50.031root 11241100x80000000000000007211300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28cbf4690f7360a2021-12-23 11:51:50.031root 11241100x80000000000000007211301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6b0decc4cc734e2021-12-23 11:51:50.031root 11241100x80000000000000007211302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee9cb6746c0129f2021-12-23 11:51:50.031root 11241100x80000000000000007211303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0f5e10941ad50b2021-12-23 11:51:50.031root 11241100x80000000000000007211304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43db27502c51f1392021-12-23 11:51:50.031root 11241100x80000000000000007211305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c50e3b7f12908c82021-12-23 11:51:50.443root 11241100x80000000000000007211306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825e0db3de3a5bb82021-12-23 11:51:50.443root 11241100x80000000000000007211307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f02734cb2e3303b2021-12-23 11:51:50.443root 11241100x80000000000000007211308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c869088e1348f8092021-12-23 11:51:50.443root 11241100x80000000000000007211309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc81c3cc31e2cf72021-12-23 11:51:50.443root 11241100x80000000000000007211310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb72ef5f369661d2021-12-23 11:51:50.443root 11241100x80000000000000007211311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf22c07973bfa5c2021-12-23 11:51:50.443root 11241100x80000000000000007211312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07bbfe790b04ccf2021-12-23 11:51:50.443root 11241100x80000000000000007211313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d20e9d8028501c2021-12-23 11:51:50.443root 11241100x80000000000000007211314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b912748fd9c632f2021-12-23 11:51:50.444root 11241100x80000000000000007211315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af3042b5f299c5e2021-12-23 11:51:50.444root 11241100x80000000000000007211316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2e86d5bde4c39e2021-12-23 11:51:50.444root 11241100x80000000000000007211317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a15a20900f42a82021-12-23 11:51:50.444root 11241100x80000000000000007211318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d19026be1a733b2021-12-23 11:51:50.943root 11241100x80000000000000007211319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5447be0e87b4c7172021-12-23 11:51:50.943root 11241100x80000000000000007211320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8eabcbd5349db32021-12-23 11:51:50.944root 11241100x80000000000000007211321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91a62e43ca50e752021-12-23 11:51:50.944root 11241100x80000000000000007211322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec49fa939005abcf2021-12-23 11:51:50.944root 11241100x80000000000000007211323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b999faf46eed3b22021-12-23 11:51:50.944root 11241100x80000000000000007211324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3664a8c008db9162021-12-23 11:51:50.945root 11241100x80000000000000007211325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468dcaee11cef5572021-12-23 11:51:50.945root 11241100x80000000000000007211326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38466c04f28c3fb2021-12-23 11:51:50.945root 11241100x80000000000000007211327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d36cce926268082021-12-23 11:51:50.945root 11241100x80000000000000007211328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd4d6c7f17dcb0e2021-12-23 11:51:50.945root 11241100x80000000000000007211329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55205ae063aefa822021-12-23 11:51:50.946root 11241100x80000000000000007211330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3395e28562a7ec082021-12-23 11:51:50.946root 11241100x80000000000000007211331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1557dbe2bdefe6d2021-12-23 11:51:51.443root 11241100x80000000000000007211332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f601d47632aff22021-12-23 11:51:51.443root 11241100x80000000000000007211333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c88e539f1661812021-12-23 11:51:51.444root 11241100x80000000000000007211334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860828ad62d120262021-12-23 11:51:51.444root 11241100x80000000000000007211335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59295d28fd1f06de2021-12-23 11:51:51.444root 11241100x80000000000000007211336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb692b16189b0632021-12-23 11:51:51.444root 11241100x80000000000000007211337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab88162113dc433d2021-12-23 11:51:51.445root 11241100x80000000000000007211338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d46f4dcbad854b12021-12-23 11:51:51.445root 11241100x80000000000000007211339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2278f84d5a9ad60e2021-12-23 11:51:51.445root 11241100x80000000000000007211340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abf8b011665b17c2021-12-23 11:51:51.445root 11241100x80000000000000007211341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0544d20ced9243402021-12-23 11:51:51.446root 11241100x80000000000000007211342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce2dad601e21fbb2021-12-23 11:51:51.446root 11241100x80000000000000007211343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5fd2b3a617bc8c2021-12-23 11:51:51.446root 11241100x80000000000000007211344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86078ab7c4ed78e82021-12-23 11:51:51.943root 11241100x80000000000000007211345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d5404ed5faefd72021-12-23 11:51:51.943root 11241100x80000000000000007211346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7b1a80dd7bb7672021-12-23 11:51:51.944root 11241100x80000000000000007211347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe68294494631492021-12-23 11:51:51.944root 11241100x80000000000000007211348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b8500e0cde32842021-12-23 11:51:51.944root 11241100x80000000000000007211349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f7521450aceb282021-12-23 11:51:51.944root 11241100x80000000000000007211350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5d1047d86961a02021-12-23 11:51:51.945root 11241100x80000000000000007211351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09665c73f4482fe42021-12-23 11:51:51.945root 11241100x80000000000000007211352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1089da9adc94de2021-12-23 11:51:51.945root 11241100x80000000000000007211353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906df38b3b358d272021-12-23 11:51:51.945root 11241100x80000000000000007211354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8908b55a84a9e22021-12-23 11:51:51.945root 11241100x80000000000000007211355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf84570ba0ff1b182021-12-23 11:51:51.945root 11241100x80000000000000007211356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b7b036b85b2a2c2021-12-23 11:51:51.945root 11241100x80000000000000007211357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50026577ecc134b02021-12-23 11:51:52.443root 11241100x80000000000000007211358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a5783685e16fe02021-12-23 11:51:52.443root 11241100x80000000000000007211359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee84a1e4692266c2021-12-23 11:51:52.443root 11241100x80000000000000007211360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24dda2af0512fdff2021-12-23 11:51:52.443root 11241100x80000000000000007211361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd48606dada6fe0e2021-12-23 11:51:52.443root 11241100x80000000000000007211362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc523d5e6b0c1e392021-12-23 11:51:52.443root 11241100x80000000000000007211363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5491c49790d66e2021-12-23 11:51:52.443root 11241100x80000000000000007211364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713df97ffcbafde52021-12-23 11:51:52.444root 11241100x80000000000000007211365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fff9b7beda421be2021-12-23 11:51:52.444root 11241100x80000000000000007211366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eac2410ca2346002021-12-23 11:51:52.444root 11241100x80000000000000007211367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209d605a39c752d62021-12-23 11:51:52.444root 11241100x80000000000000007211368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5ef20a59a096882021-12-23 11:51:52.444root 11241100x80000000000000007211369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc5d65cc443126c2021-12-23 11:51:52.444root 11241100x80000000000000007211370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651384d44149779c2021-12-23 11:51:52.943root 11241100x80000000000000007211371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e144d2f3e32f14cf2021-12-23 11:51:52.943root 11241100x80000000000000007211372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c040dd3a5c90ab502021-12-23 11:51:52.943root 11241100x80000000000000007211373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4416015a9c7fec522021-12-23 11:51:52.943root 11241100x80000000000000007211374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa593d65439208bc2021-12-23 11:51:52.943root 11241100x80000000000000007211375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218ba93a850cfdec2021-12-23 11:51:52.943root 11241100x80000000000000007211376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac7b4e25a61d7722021-12-23 11:51:52.943root 11241100x80000000000000007211377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e7e3a5d591540f2021-12-23 11:51:52.944root 11241100x80000000000000007211378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046e4c4046cf62d32021-12-23 11:51:52.944root 11241100x80000000000000007211379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17de09aabf56da282021-12-23 11:51:52.944root 11241100x80000000000000007211380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8eef9fdd9346712021-12-23 11:51:52.944root 11241100x80000000000000007211381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ca0f16e1adc3462021-12-23 11:51:52.944root 11241100x80000000000000007211382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7c460b82e309f12021-12-23 11:51:52.944root 11241100x80000000000000007211383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f698839807d73e82021-12-23 11:51:53.443root 11241100x80000000000000007211384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8773fe50c13b472021-12-23 11:51:53.443root 11241100x80000000000000007211385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572dea255a0607502021-12-23 11:51:53.443root 11241100x80000000000000007211386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9bcfb71ae6b6d62021-12-23 11:51:53.443root 11241100x80000000000000007211387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee6b03e6bb441712021-12-23 11:51:53.443root 11241100x80000000000000007211388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51797b9f1a1139ac2021-12-23 11:51:53.443root 11241100x80000000000000007211389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2919013e5a9fdfeb2021-12-23 11:51:53.443root 11241100x80000000000000007211390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff7ebcb497245d92021-12-23 11:51:53.444root 11241100x80000000000000007211391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498599ab485159ca2021-12-23 11:51:53.444root 11241100x80000000000000007211392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26010242cf59ec0a2021-12-23 11:51:53.444root 11241100x80000000000000007211393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a546fc940d787fe2021-12-23 11:51:53.444root 11241100x80000000000000007211394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa161a2b34df41e2021-12-23 11:51:53.444root 11241100x80000000000000007211395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82eeaeeb88f837072021-12-23 11:51:53.444root 11241100x80000000000000007211396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ab0a7f6c031fa12021-12-23 11:51:53.943root 11241100x80000000000000007211397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f47d5b0fb86399d2021-12-23 11:51:53.943root 11241100x80000000000000007211398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b3a786638d92cb2021-12-23 11:51:53.943root 11241100x80000000000000007211399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfa698ec4b53ee02021-12-23 11:51:53.943root 11241100x80000000000000007211400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e569fdda11d73912021-12-23 11:51:53.943root 11241100x80000000000000007211401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f9acaaa452ae872021-12-23 11:51:53.943root 11241100x80000000000000007211402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08f5ff67084cb3f2021-12-23 11:51:53.944root 11241100x80000000000000007211403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47baac125ce39772021-12-23 11:51:53.944root 11241100x80000000000000007211404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ad61c839a920c52021-12-23 11:51:53.944root 11241100x80000000000000007211405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889a28e2d5c3f0282021-12-23 11:51:53.944root 11241100x80000000000000007211406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499f8cdc751192ad2021-12-23 11:51:53.944root 11241100x80000000000000007211407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec23af219e2fdbd2021-12-23 11:51:53.944root 11241100x80000000000000007211408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6db0320105649692021-12-23 11:51:53.944root 11241100x80000000000000007211409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f9a9edb13364c12021-12-23 11:51:54.443root 11241100x80000000000000007211410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4464b3906beb422021-12-23 11:51:54.443root 11241100x80000000000000007211411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf8cf3156b767ac2021-12-23 11:51:54.443root 11241100x80000000000000007211412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26958ff8f82cc942021-12-23 11:51:54.443root 11241100x80000000000000007211413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5354aac071fa292021-12-23 11:51:54.443root 11241100x80000000000000007211414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce039be4c2a20d02021-12-23 11:51:54.443root 11241100x80000000000000007211415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0893a3f6508ec6052021-12-23 11:51:54.443root 11241100x80000000000000007211416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f681f479120d222021-12-23 11:51:54.444root 11241100x80000000000000007211417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbedf5ab2354f952021-12-23 11:51:54.444root 11241100x80000000000000007211418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a8052daba56ee22021-12-23 11:51:54.444root 11241100x80000000000000007211419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510a3ffb68049af72021-12-23 11:51:54.444root 11241100x80000000000000007211420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a9b331d1d68e242021-12-23 11:51:54.444root 11241100x80000000000000007211421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482860a60c283d1e2021-12-23 11:51:54.444root 11241100x80000000000000007211422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d829f979b218022021-12-23 11:51:54.943root 11241100x80000000000000007211423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb13615f25672732021-12-23 11:51:54.943root 11241100x80000000000000007211424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a50965894e9b7db2021-12-23 11:51:54.944root 11241100x80000000000000007211425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928351b08ca3f2862021-12-23 11:51:54.944root 11241100x80000000000000007211426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87e62854d4710462021-12-23 11:51:54.944root 11241100x80000000000000007211427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e037e1e94284f4d22021-12-23 11:51:54.945root 11241100x80000000000000007211428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dac2659e0d72c7f2021-12-23 11:51:54.945root 11241100x80000000000000007211429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45ac5adfc9ff9ce2021-12-23 11:51:54.945root 11241100x80000000000000007211430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1660dcddfd8c6a792021-12-23 11:51:54.945root 11241100x80000000000000007211431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82280bd07afe00032021-12-23 11:51:54.946root 11241100x80000000000000007211432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dc1a8303b528a92021-12-23 11:51:54.946root 11241100x80000000000000007211433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caf938d60a2eacb2021-12-23 11:51:54.946root 11241100x80000000000000007211434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21026b6aaf032ea82021-12-23 11:51:54.947root 354300x80000000000000007211435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.210{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33768-false10.0.1.12-8000- 11241100x80000000000000007211436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6300e761ec31ed662021-12-23 11:51:55.211root 11241100x80000000000000007211437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331cc080237674532021-12-23 11:51:55.211root 11241100x80000000000000007211438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf752a71fbd7c2c2021-12-23 11:51:55.211root 11241100x80000000000000007211439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0decccc4ed73c5c92021-12-23 11:51:55.211root 11241100x80000000000000007211440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8415412fc5530822021-12-23 11:51:55.211root 11241100x80000000000000007211441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922d593a894374662021-12-23 11:51:55.212root 11241100x80000000000000007211442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d094b4b4cd5520e02021-12-23 11:51:55.212root 11241100x80000000000000007211443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b942c4d04d5858b2021-12-23 11:51:55.212root 11241100x80000000000000007211444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b19b45c80bd5d42021-12-23 11:51:55.212root 11241100x80000000000000007211445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a138aced29ccea2021-12-23 11:51:55.212root 11241100x80000000000000007211446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bde53344eb32be72021-12-23 11:51:55.212root 11241100x80000000000000007211447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0285b3aadf41c2ef2021-12-23 11:51:55.212root 11241100x80000000000000007211448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9171d9d1673f947a2021-12-23 11:51:55.212root 11241100x80000000000000007211449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00caff16aec3b4fa2021-12-23 11:51:55.212root 11241100x80000000000000007211450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52843b827d7b7fbb2021-12-23 11:51:55.693root 11241100x80000000000000007211451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdfbe2f9274bbf62021-12-23 11:51:55.693root 11241100x80000000000000007211452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8d6caaf1ad13672021-12-23 11:51:55.693root 11241100x80000000000000007211453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6c03c9322944522021-12-23 11:51:55.693root 11241100x80000000000000007211454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4367e01723fd46b2021-12-23 11:51:55.693root 11241100x80000000000000007211455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ef2112b7ab3cdd2021-12-23 11:51:55.693root 11241100x80000000000000007211456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff3abc28e1c87832021-12-23 11:51:55.693root 11241100x80000000000000007211457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e56b75223a2dd2e2021-12-23 11:51:55.694root 11241100x80000000000000007211458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eee37fe65ce81d32021-12-23 11:51:55.694root 11241100x80000000000000007211459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0310e483a2dd292021-12-23 11:51:55.694root 11241100x80000000000000007211460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f542a55515b9d71e2021-12-23 11:51:55.694root 11241100x80000000000000007211461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b9e9ea2124b0a72021-12-23 11:51:55.694root 11241100x80000000000000007211462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84881f7a56d9ce522021-12-23 11:51:55.694root 11241100x80000000000000007211463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d266a917860077862021-12-23 11:51:55.694root 11241100x80000000000000007211464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc109b1a90db2ca2021-12-23 11:51:56.193root 11241100x80000000000000007211465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0462a69162e468bd2021-12-23 11:51:56.193root 11241100x80000000000000007211466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8285447a68953f22021-12-23 11:51:56.193root 11241100x80000000000000007211467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1251807f8ef12a2d2021-12-23 11:51:56.193root 11241100x80000000000000007211468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf1c28355f1d6c32021-12-23 11:51:56.193root 11241100x80000000000000007211469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9644ad63ba1ed4c92021-12-23 11:51:56.193root 11241100x80000000000000007211470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970449e1c9beec3b2021-12-23 11:51:56.193root 11241100x80000000000000007211471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16a7ceb5a8102e42021-12-23 11:51:56.194root 11241100x80000000000000007211472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0a2820e1eb93a12021-12-23 11:51:56.194root 11241100x80000000000000007211473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7b5264f03b8e542021-12-23 11:51:56.194root 11241100x80000000000000007211474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60056621e21f38ba2021-12-23 11:51:56.194root 11241100x80000000000000007211475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3ed106979d16f62021-12-23 11:51:56.194root 11241100x80000000000000007211476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5390cd754334bc0b2021-12-23 11:51:56.194root 11241100x80000000000000007211477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dfe51e826b2f8b2021-12-23 11:51:56.194root 11241100x80000000000000007211478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dbe1889c87e9fd2021-12-23 11:51:56.693root 11241100x80000000000000007211479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd76e0719d5c1462021-12-23 11:51:56.693root 11241100x80000000000000007211480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c27e783be61e932021-12-23 11:51:56.693root 11241100x80000000000000007211481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d8c102b7a13ba22021-12-23 11:51:56.693root 11241100x80000000000000007211482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc39736b6c04177e2021-12-23 11:51:56.693root 11241100x80000000000000007211483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b996cb033eb59c2021-12-23 11:51:56.693root 11241100x80000000000000007211484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa14f3df1a2956b2021-12-23 11:51:56.693root 11241100x80000000000000007211485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f105e430ae1657102021-12-23 11:51:56.694root 11241100x80000000000000007211486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1213e6668664370b2021-12-23 11:51:56.694root 11241100x80000000000000007211487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361c4a913ae654c22021-12-23 11:51:56.694root 11241100x80000000000000007211488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cf296070ab45c42021-12-23 11:51:56.694root 11241100x80000000000000007211489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d24a6a88bd3bb22021-12-23 11:51:56.694root 11241100x80000000000000007211490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4fd278fcaac1de2021-12-23 11:51:56.694root 11241100x80000000000000007211491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9250255c1592ffec2021-12-23 11:51:56.694root 11241100x80000000000000007211492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1ed52ada4d161c2021-12-23 11:51:57.193root 11241100x80000000000000007211493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4afca52da95015e2021-12-23 11:51:57.193root 11241100x80000000000000007211494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ee3a5da66aabe62021-12-23 11:51:57.193root 11241100x80000000000000007211495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ecad7c0b8e2d542021-12-23 11:51:57.193root 11241100x80000000000000007211496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973e90ef0c5133562021-12-23 11:51:57.193root 11241100x80000000000000007211497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49d50c337d7b6622021-12-23 11:51:57.193root 11241100x80000000000000007211498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a9b1dfecb00c6a2021-12-23 11:51:57.193root 11241100x80000000000000007211499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7ecf0886d3883a2021-12-23 11:51:57.193root 11241100x80000000000000007211500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f4112621e952222021-12-23 11:51:57.193root 11241100x80000000000000007211501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267ec11843161b4b2021-12-23 11:51:57.193root 11241100x80000000000000007211502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0fc17b8077baea2021-12-23 11:51:57.194root 11241100x80000000000000007211503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc4b536265574a62021-12-23 11:51:57.194root 11241100x80000000000000007211504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4626c7e7b789972021-12-23 11:51:57.194root 11241100x80000000000000007211505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53df58cbfca2ab9e2021-12-23 11:51:57.194root 11241100x80000000000000007211506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c72179ef6f3fd3d2021-12-23 11:51:57.693root 11241100x80000000000000007211507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d1d25cfa0d89642021-12-23 11:51:57.693root 11241100x80000000000000007211508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a9c0d7788c22cf2021-12-23 11:51:57.693root 11241100x80000000000000007211509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b41ab804f3894472021-12-23 11:51:57.693root 11241100x80000000000000007211510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616bb6c8635e75f12021-12-23 11:51:57.693root 11241100x80000000000000007211511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e864313ff171822021-12-23 11:51:57.693root 11241100x80000000000000007211512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04aa48c3e8fc71c02021-12-23 11:51:57.693root 11241100x80000000000000007211513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb17a7e7a4b870322021-12-23 11:51:57.693root 11241100x80000000000000007211514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5de4d65bb502a072021-12-23 11:51:57.694root 11241100x80000000000000007211515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4118a7b25ae3b0292021-12-23 11:51:57.694root 11241100x80000000000000007211516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f21a22d72aefe12021-12-23 11:51:57.694root 11241100x80000000000000007211517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557f59fa44461cee2021-12-23 11:51:57.694root 11241100x80000000000000007211518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdb8fb3c052536c2021-12-23 11:51:57.694root 11241100x80000000000000007211519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f7fe2274b12fac2021-12-23 11:51:57.694root 11241100x80000000000000007211520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cec74792365faee2021-12-23 11:51:57.695root 11241100x80000000000000007211521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d6e87b323154352021-12-23 11:51:57.695root 11241100x80000000000000007211522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7c4a194e6c3e7a2021-12-23 11:51:57.695root 11241100x80000000000000007211523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a626eca2c8607e482021-12-23 11:51:57.695root 11241100x80000000000000007211524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849e40548bf71e4b2021-12-23 11:51:57.695root 11241100x80000000000000007211525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fd81ef3221dced2021-12-23 11:51:57.695root 11241100x80000000000000007211526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462642a4dba430f22021-12-23 11:51:57.695root 11241100x80000000000000007211527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ff8551fc690c172021-12-23 11:51:57.695root 11241100x80000000000000007211528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44137ab072c905752021-12-23 11:51:57.695root 11241100x80000000000000007211529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bbe46684077bdd2021-12-23 11:51:57.696root 11241100x80000000000000007211530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78798b6dcf02f6282021-12-23 11:51:57.696root 11241100x80000000000000007211531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b3eed07f9bc0fd2021-12-23 11:51:57.696root 11241100x80000000000000007211532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a069039af912562021-12-23 11:51:57.696root 11241100x80000000000000007211533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e943b3617e463e672021-12-23 11:51:57.696root 11241100x80000000000000007211534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9681f70dc1447f2021-12-23 11:51:58.193root 11241100x80000000000000007211535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a4c4c907cfad0a2021-12-23 11:51:58.193root 11241100x80000000000000007211536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b69fa31ced976472021-12-23 11:51:58.193root 11241100x80000000000000007211537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea0d519b0eddd872021-12-23 11:51:58.193root 11241100x80000000000000007211538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cbda5896a620052021-12-23 11:51:58.193root 11241100x80000000000000007211539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d7357dd4685b0e2021-12-23 11:51:58.193root 11241100x80000000000000007211540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e886f456157dc02021-12-23 11:51:58.193root 11241100x80000000000000007211541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d406a451f5b70f212021-12-23 11:51:58.193root 11241100x80000000000000007211542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18e97bfefdbae8f2021-12-23 11:51:58.194root 11241100x80000000000000007211543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293c1c90fd1969932021-12-23 11:51:58.194root 11241100x80000000000000007211544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658258845696190d2021-12-23 11:51:58.194root 11241100x80000000000000007211545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21994f9fc844e9002021-12-23 11:51:58.194root 11241100x80000000000000007211546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8559029c286e965f2021-12-23 11:51:58.194root 11241100x80000000000000007211547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b56f6ce34aad8682021-12-23 11:51:58.194root 11241100x80000000000000007211548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd95738f4516c4852021-12-23 11:51:58.693root 11241100x80000000000000007211549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e490047c920b2482021-12-23 11:51:58.693root 11241100x80000000000000007211550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae14f9b3ef181052021-12-23 11:51:58.693root 11241100x80000000000000007211551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09be59d169f52982021-12-23 11:51:58.693root 11241100x80000000000000007211552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42cfe44685301a52021-12-23 11:51:58.693root 11241100x80000000000000007211553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b24e39f82416fd2021-12-23 11:51:58.693root 11241100x80000000000000007211554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19463965a3ba6602021-12-23 11:51:58.693root 11241100x80000000000000007211555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c250381645d32112021-12-23 11:51:58.693root 11241100x80000000000000007211556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5204e0bdf161b9762021-12-23 11:51:58.693root 11241100x80000000000000007211557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51582d13dcc680eb2021-12-23 11:51:58.693root 11241100x80000000000000007211558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368558fabdb929192021-12-23 11:51:58.694root 11241100x80000000000000007211559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea38ae6629f51452021-12-23 11:51:58.694root 11241100x80000000000000007211560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b981e3b6da0575402021-12-23 11:51:58.694root 11241100x80000000000000007211561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39904383e8f33f92021-12-23 11:51:58.694root 11241100x80000000000000007211562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ea5cfbfd1381402021-12-23 11:51:59.193root 11241100x80000000000000007211563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af8c396157581eb2021-12-23 11:51:59.194root 11241100x80000000000000007211564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46310ae76bdacded2021-12-23 11:51:59.194root 11241100x80000000000000007211565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652ff7e7c1b1e7fe2021-12-23 11:51:59.195root 11241100x80000000000000007211566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf2841a98dcb49a2021-12-23 11:51:59.195root 11241100x80000000000000007211567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3acf0c3d5a892f2021-12-23 11:51:59.195root 11241100x80000000000000007211568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a102b7db0dc750f2021-12-23 11:51:59.195root 11241100x80000000000000007211569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a9c56d29c454102021-12-23 11:51:59.195root 11241100x80000000000000007211570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a13cb8008f3e122021-12-23 11:51:59.196root 11241100x80000000000000007211571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc47861ba4c8b812021-12-23 11:51:59.196root 11241100x80000000000000007211572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac78f9241bc0bc22021-12-23 11:51:59.196root 11241100x80000000000000007211573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c633093392173ada2021-12-23 11:51:59.196root 11241100x80000000000000007211574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c5c3ae5c5649e82021-12-23 11:51:59.196root 11241100x80000000000000007211575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177a5528c233a48e2021-12-23 11:51:59.196root 11241100x80000000000000007211576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194da052d0125ffa2021-12-23 11:51:59.693root 11241100x80000000000000007211577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102b7e25d85bf56b2021-12-23 11:51:59.693root 11241100x80000000000000007211578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f11788fb355e0d82021-12-23 11:51:59.693root 11241100x80000000000000007211579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ede8df3b62a1be2021-12-23 11:51:59.693root 11241100x80000000000000007211580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fce23f0a98f46ce2021-12-23 11:51:59.693root 11241100x80000000000000007211581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc410db854ee78bf2021-12-23 11:51:59.693root 11241100x80000000000000007211582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca98a7a3d20605b2021-12-23 11:51:59.693root 11241100x80000000000000007211583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f997de5849debf0b2021-12-23 11:51:59.693root 11241100x80000000000000007211584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccbbd006e470f992021-12-23 11:51:59.693root 11241100x80000000000000007211585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b89e32f09691e1f2021-12-23 11:51:59.694root 11241100x80000000000000007211586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028aa9cf3deeb5de2021-12-23 11:51:59.694root 11241100x80000000000000007211587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e59507d24a048962021-12-23 11:51:59.694root 11241100x80000000000000007211588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325aaf41393605fe2021-12-23 11:51:59.694root 11241100x80000000000000007211589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:51:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0550e4af4dfdd72021-12-23 11:51:59.694root 11241100x80000000000000007211590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-23 11:52:00.142root 11241100x80000000000000007211591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479254476b766b742021-12-23 11:52:00.143root 11241100x80000000000000007211592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac578daa27b9fc0b2021-12-23 11:52:00.143root 11241100x80000000000000007211593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50ee4bea661948b2021-12-23 11:52:00.143root 11241100x80000000000000007211594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3794af32279079c82021-12-23 11:52:00.144root 11241100x80000000000000007211595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2c1ea00bd4cc8c2021-12-23 11:52:00.144root 11241100x80000000000000007211596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86e3c67ee1cfeca2021-12-23 11:52:00.144root 11241100x80000000000000007211597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b01a779f1070cc2021-12-23 11:52:00.144root 11241100x80000000000000007211598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3507a176347a488d2021-12-23 11:52:00.144root 11241100x80000000000000007211599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b85acea5fd347462021-12-23 11:52:00.144root 11241100x80000000000000007211600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f535d2d49cf5e2d12021-12-23 11:52:00.144root 11241100x80000000000000007211601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919feca3f34b6b762021-12-23 11:52:00.145root 11241100x80000000000000007211602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d4d6386b58c0af2021-12-23 11:52:00.145root 11241100x80000000000000007211603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5338a7afcf9e1d72021-12-23 11:52:00.145root 11241100x80000000000000007211604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290b258a1275e3cf2021-12-23 11:52:00.145root 11241100x80000000000000007211605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc96d91ddc7826e82021-12-23 11:52:00.145root 11241100x80000000000000007211606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8367252c08149ffa2021-12-23 11:52:00.145root 11241100x80000000000000007211607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d677b97740d26c4b2021-12-23 11:52:00.145root 11241100x80000000000000007211608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb94edda70f56d12021-12-23 11:52:00.443root 11241100x80000000000000007211609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309e867a5267f59b2021-12-23 11:52:00.443root 11241100x80000000000000007211610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8d8f75a6678f6b2021-12-23 11:52:00.443root 11241100x80000000000000007211611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48be43559fd3a932021-12-23 11:52:00.443root 11241100x80000000000000007211612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea13a02e362628522021-12-23 11:52:00.443root 11241100x80000000000000007211613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d385d230c9b450102021-12-23 11:52:00.443root 11241100x80000000000000007211614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895dda6c44ca671b2021-12-23 11:52:00.443root 11241100x80000000000000007211615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfb0f89a258f09b2021-12-23 11:52:00.443root 11241100x80000000000000007211616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0d1c0c4f42985a2021-12-23 11:52:00.443root 11241100x80000000000000007211617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a54ab010008b9162021-12-23 11:52:00.443root 11241100x80000000000000007211618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79af83ff27efd362021-12-23 11:52:00.443root 11241100x80000000000000007211619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c13066a82fcbefe2021-12-23 11:52:00.443root 11241100x80000000000000007211620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0771a13457401d832021-12-23 11:52:00.443root 11241100x80000000000000007211621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa4d0f58f1f0a932021-12-23 11:52:00.444root 11241100x80000000000000007211622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43651da2b7d2e6df2021-12-23 11:52:00.444root 11241100x80000000000000007211623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556f45bc095355232021-12-23 11:52:00.943root 11241100x80000000000000007211624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853e5c2abc84f8882021-12-23 11:52:00.943root 11241100x80000000000000007211625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253d69ad32f973052021-12-23 11:52:00.943root 11241100x80000000000000007211626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedf9e81c46cae352021-12-23 11:52:00.943root 11241100x80000000000000007211627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b348ce7aab59a322021-12-23 11:52:00.943root 11241100x80000000000000007211628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2b88addc9ff2332021-12-23 11:52:00.943root 11241100x80000000000000007211629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252f190f18a74e562021-12-23 11:52:00.943root 11241100x80000000000000007211630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ac6969360828902021-12-23 11:52:00.943root 11241100x80000000000000007211631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845056d6c22595232021-12-23 11:52:00.944root 11241100x80000000000000007211632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2640159ccbc77c052021-12-23 11:52:00.944root 11241100x80000000000000007211633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a6d1d5f29673002021-12-23 11:52:00.944root 11241100x80000000000000007211634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d421a0dc49f0e55b2021-12-23 11:52:00.944root 11241100x80000000000000007211635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36de4e2da11d2122021-12-23 11:52:00.944root 11241100x80000000000000007211636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2190f00c7cf3d0092021-12-23 11:52:00.944root 11241100x80000000000000007211637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcfb37b497e27b42021-12-23 11:52:00.944root 354300x80000000000000007211638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.155{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33770-false10.0.1.12-8000- 11241100x80000000000000007211639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22def25657778b342021-12-23 11:52:01.443root 11241100x80000000000000007211640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71473c46d2b0e092021-12-23 11:52:01.444root 11241100x80000000000000007211641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8428611db72bcdb2021-12-23 11:52:01.444root 11241100x80000000000000007211642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe76c995382cd492021-12-23 11:52:01.444root 11241100x80000000000000007211643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627f12c2f25de7c42021-12-23 11:52:01.444root 11241100x80000000000000007211644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6b5730cafc1ca42021-12-23 11:52:01.444root 11241100x80000000000000007211645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd64895845f38b0e2021-12-23 11:52:01.444root 11241100x80000000000000007211646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbf0ad63fe53f7a2021-12-23 11:52:01.445root 11241100x80000000000000007211647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a897fe035e2d4d2021-12-23 11:52:01.445root 11241100x80000000000000007211648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42699c16a6e24be62021-12-23 11:52:01.445root 11241100x80000000000000007211649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5711cf6d1da47e142021-12-23 11:52:01.445root 11241100x80000000000000007211650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2989da8a72fd0532021-12-23 11:52:01.445root 11241100x80000000000000007211651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a7bf04b3038cf32021-12-23 11:52:01.445root 11241100x80000000000000007211652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17990932a99f9182021-12-23 11:52:01.445root 11241100x80000000000000007211653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89acfe768e4338f62021-12-23 11:52:01.446root 11241100x80000000000000007211654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958c3ccef8b355cc2021-12-23 11:52:01.446root 11241100x80000000000000007211655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a58276613be2042021-12-23 11:52:01.942root 11241100x80000000000000007211656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8118553b1a374a892021-12-23 11:52:01.943root 11241100x80000000000000007211657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad339d6581b2b852021-12-23 11:52:01.943root 11241100x80000000000000007211658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb156bce2eac33f2021-12-23 11:52:01.943root 11241100x80000000000000007211659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518b56ca0824bbde2021-12-23 11:52:01.943root 11241100x80000000000000007211660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ec5803a7be1c5a2021-12-23 11:52:01.943root 11241100x80000000000000007211661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610b32d0ce0ee2c42021-12-23 11:52:01.944root 11241100x80000000000000007211662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3157ceae17c92f072021-12-23 11:52:01.944root 11241100x80000000000000007211663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f762474fbde3e50d2021-12-23 11:52:01.944root 11241100x80000000000000007211664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9991e187581ca7572021-12-23 11:52:01.944root 11241100x80000000000000007211665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65df40bf16b3d9742021-12-23 11:52:01.944root 11241100x80000000000000007211666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a20b0f167d641752021-12-23 11:52:01.945root 11241100x80000000000000007211667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16cbdef0be3fb032021-12-23 11:52:01.945root 11241100x80000000000000007211668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d6212e31eb88c72021-12-23 11:52:01.945root 11241100x80000000000000007211669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93c858bce05d36e2021-12-23 11:52:01.945root 11241100x80000000000000007211670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79490b65b716c8812021-12-23 11:52:01.945root 11241100x80000000000000007211671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b9f8480d3dd2e42021-12-23 11:52:01.945root 11241100x80000000000000007211672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31564ad76aa4e56e2021-12-23 11:52:01.945root 11241100x80000000000000007211673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35a5122f8121cb82021-12-23 11:52:02.443root 11241100x80000000000000007211674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3628aa37eae6b50b2021-12-23 11:52:02.443root 11241100x80000000000000007211675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edfe7530f01722a2021-12-23 11:52:02.443root 11241100x80000000000000007211676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1778898656123e2021-12-23 11:52:02.443root 11241100x80000000000000007211677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cb65b8c8480f662021-12-23 11:52:02.443root 11241100x80000000000000007211678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34bf9dd8f5a10cf2021-12-23 11:52:02.443root 11241100x80000000000000007211679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ae5a83c7257aca2021-12-23 11:52:02.443root 11241100x80000000000000007211680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a0ad5faeebf19f2021-12-23 11:52:02.443root 11241100x80000000000000007211681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e8463008154ac22021-12-23 11:52:02.444root 11241100x80000000000000007211682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2187a34f4cfc15042021-12-23 11:52:02.444root 11241100x80000000000000007211683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e41b5f9c3a8e012021-12-23 11:52:02.444root 11241100x80000000000000007211684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104338e302830e9e2021-12-23 11:52:02.444root 11241100x80000000000000007211685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ca31268096aab02021-12-23 11:52:02.444root 11241100x80000000000000007211686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d60ac3e1f937b82021-12-23 11:52:02.444root 11241100x80000000000000007211687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bdcc613252dee72021-12-23 11:52:02.444root 11241100x80000000000000007211688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3703722ae23ad3312021-12-23 11:52:02.444root 11241100x80000000000000007211689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6f7ffb7c6f0a602021-12-23 11:52:02.943root 11241100x80000000000000007211690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c8fb7a8971dd6e2021-12-23 11:52:02.943root 11241100x80000000000000007211691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d0bb0a256d15072021-12-23 11:52:02.943root 11241100x80000000000000007211692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409f58afb4fec6b82021-12-23 11:52:02.943root 11241100x80000000000000007211693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4f1298e186cf0f2021-12-23 11:52:02.943root 11241100x80000000000000007211694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3265d0f010369172021-12-23 11:52:02.944root 11241100x80000000000000007211695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa17a96c9c350a42021-12-23 11:52:02.944root 11241100x80000000000000007211696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bd8d123881fb782021-12-23 11:52:02.944root 11241100x80000000000000007211697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d304e2c18656112021-12-23 11:52:02.944root 11241100x80000000000000007211698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ab5656b997e4df2021-12-23 11:52:02.945root 11241100x80000000000000007211699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5d328e5b70e9582021-12-23 11:52:02.945root 11241100x80000000000000007211700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e28646a66af4b62021-12-23 11:52:02.945root 11241100x80000000000000007211701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2069baff8b5ca4cf2021-12-23 11:52:02.945root 11241100x80000000000000007211702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115b8f63ec10f91e2021-12-23 11:52:02.945root 11241100x80000000000000007211703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de13c105fabefa592021-12-23 11:52:02.945root 11241100x80000000000000007211704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f0289dcb4879592021-12-23 11:52:02.945root 23542300x80000000000000007211705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000007211706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd95f5bab59a989d2021-12-23 11:52:03.443root 11241100x80000000000000007211707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4320cd90da7fb92021-12-23 11:52:03.443root 11241100x80000000000000007211708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97e2550eba582572021-12-23 11:52:03.443root 11241100x80000000000000007211709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4663b756cdbe4d2021-12-23 11:52:03.443root 11241100x80000000000000007211710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484939951800d1322021-12-23 11:52:03.443root 11241100x80000000000000007211711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e618b6dbee3005e02021-12-23 11:52:03.443root 11241100x80000000000000007211712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1449f00d1dfc40a02021-12-23 11:52:03.444root 11241100x80000000000000007211713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75289ce367b4efd52021-12-23 11:52:03.444root 11241100x80000000000000007211714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361a37786c2f37572021-12-23 11:52:03.444root 11241100x80000000000000007211715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12978385ffc4a062021-12-23 11:52:03.444root 11241100x80000000000000007211716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c06bce957f0aed2021-12-23 11:52:03.444root 11241100x80000000000000007211717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0eded7321cadd232021-12-23 11:52:03.444root 11241100x80000000000000007211718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e2d90e52605fc32021-12-23 11:52:03.444root 11241100x80000000000000007211719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeafea44c1f0f8692021-12-23 11:52:03.444root 11241100x80000000000000007211720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00588436d64ab9692021-12-23 11:52:03.444root 11241100x80000000000000007211721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6afcf25c7da33b02021-12-23 11:52:03.444root 11241100x80000000000000007211722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58de232049df4da2021-12-23 11:52:03.444root 11241100x80000000000000007211723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e01a0a35e4742142021-12-23 11:52:03.943root 11241100x80000000000000007211724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf1754c893158a42021-12-23 11:52:03.943root 11241100x80000000000000007211725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6002de8cb5a1582f2021-12-23 11:52:03.943root 11241100x80000000000000007211726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c45441500fc4df2021-12-23 11:52:03.943root 11241100x80000000000000007211727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a7d23cba78d0092021-12-23 11:52:03.943root 11241100x80000000000000007211728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97eccee803b2fe6b2021-12-23 11:52:03.944root 11241100x80000000000000007211729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6d4261a3f404bd2021-12-23 11:52:03.944root 11241100x80000000000000007211730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d38084581208fb2021-12-23 11:52:03.944root 11241100x80000000000000007211731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d087453f90b71a552021-12-23 11:52:03.944root 11241100x80000000000000007211732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6d7b713578621e2021-12-23 11:52:03.944root 11241100x80000000000000007211733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80ac38e8eb34e992021-12-23 11:52:03.944root 11241100x80000000000000007211734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f07cca19da555a2021-12-23 11:52:03.944root 11241100x80000000000000007211735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079200ea83fa9c742021-12-23 11:52:03.944root 11241100x80000000000000007211736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ac9cc11e6db7852021-12-23 11:52:03.944root 11241100x80000000000000007211737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe23188307ba2dfe2021-12-23 11:52:03.944root 11241100x80000000000000007211738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9059a687d9b6532e2021-12-23 11:52:03.944root 11241100x80000000000000007211739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93a7f6bc375aadc2021-12-23 11:52:03.945root 11241100x80000000000000007211740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d061b1bc5a433fdb2021-12-23 11:52:04.442root 11241100x80000000000000007211741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63467a1d956585e42021-12-23 11:52:04.443root 11241100x80000000000000007211742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb349ae7dd64fcb2021-12-23 11:52:04.443root 11241100x80000000000000007211743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1daee43927ed77f2021-12-23 11:52:04.443root 11241100x80000000000000007211744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc58204d7a2e9aa2021-12-23 11:52:04.443root 11241100x80000000000000007211745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71bd7f11bdb3a062021-12-23 11:52:04.443root 11241100x80000000000000007211746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd51dd0101b488b2021-12-23 11:52:04.443root 11241100x80000000000000007211747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048df91509a99b602021-12-23 11:52:04.443root 11241100x80000000000000007211748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe783fc024c14d02021-12-23 11:52:04.443root 11241100x80000000000000007211749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3414ab80c2dcdcb02021-12-23 11:52:04.444root 11241100x80000000000000007211750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21691aed66f9ad522021-12-23 11:52:04.444root 11241100x80000000000000007211751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03baf697b733d3e2021-12-23 11:52:04.444root 11241100x80000000000000007211752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1379032a59023ab12021-12-23 11:52:04.444root 11241100x80000000000000007211753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfff73a6d38395272021-12-23 11:52:04.444root 11241100x80000000000000007211754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51873fb00e290a6b2021-12-23 11:52:04.444root 11241100x80000000000000007211755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ebe4371c516ad12021-12-23 11:52:04.444root 11241100x80000000000000007211756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b9d8b763add8d52021-12-23 11:52:04.444root 11241100x80000000000000007211757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57ff6fbb68458602021-12-23 11:52:04.943root 11241100x80000000000000007211758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007a28f18fea19e12021-12-23 11:52:04.943root 11241100x80000000000000007211759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d2aa559f1d09312021-12-23 11:52:04.943root 11241100x80000000000000007211760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8970561288dfaf2021-12-23 11:52:04.943root 11241100x80000000000000007211761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cee66d5aa8fde852021-12-23 11:52:04.943root 11241100x80000000000000007211762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71895fc0be066e702021-12-23 11:52:04.943root 11241100x80000000000000007211763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34823cd684ca54302021-12-23 11:52:04.943root 11241100x80000000000000007211764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c17cd05b26530a42021-12-23 11:52:04.943root 11241100x80000000000000007211765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd6fdc233c828012021-12-23 11:52:04.943root 11241100x80000000000000007211766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba54046a071673202021-12-23 11:52:04.944root 11241100x80000000000000007211767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc8ffbad1a53d4c2021-12-23 11:52:04.944root 11241100x80000000000000007211768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70ddc862e5b3b662021-12-23 11:52:04.944root 11241100x80000000000000007211769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cca71d18a325632021-12-23 11:52:04.944root 11241100x80000000000000007211770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5721c917d779e0ec2021-12-23 11:52:04.944root 11241100x80000000000000007211771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775da48b6233dafe2021-12-23 11:52:04.944root 11241100x80000000000000007211772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fe29a080f616a32021-12-23 11:52:04.944root 11241100x80000000000000007211773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6b2332771c0e4e2021-12-23 11:52:04.944root 11241100x80000000000000007211774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90334ee787c2f812021-12-23 11:52:05.443root 11241100x80000000000000007211775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8bfe84020547b52021-12-23 11:52:05.443root 11241100x80000000000000007211776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf624117c001ab12021-12-23 11:52:05.443root 11241100x80000000000000007211777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59e1dc6e4f976512021-12-23 11:52:05.443root 11241100x80000000000000007211778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9452502bb2d1406d2021-12-23 11:52:05.443root 11241100x80000000000000007211779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1c26ea001b3fc92021-12-23 11:52:05.443root 11241100x80000000000000007211780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a3eef6254f5ec72021-12-23 11:52:05.443root 11241100x80000000000000007211781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ab821afa26d3c92021-12-23 11:52:05.444root 11241100x80000000000000007211782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8654381dab1ddb5c2021-12-23 11:52:05.444root 11241100x80000000000000007211783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248a51e0d041d11d2021-12-23 11:52:05.444root 11241100x80000000000000007211784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f3e0ff684cd2c02021-12-23 11:52:05.444root 11241100x80000000000000007211785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67afef90a3487a62021-12-23 11:52:05.444root 11241100x80000000000000007211786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d46803541199822021-12-23 11:52:05.444root 11241100x80000000000000007211787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb897ce021eb4792021-12-23 11:52:05.444root 11241100x80000000000000007211788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0801eb02145b26d32021-12-23 11:52:05.444root 11241100x80000000000000007211789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f5bc83972b2b7a2021-12-23 11:52:05.444root 11241100x80000000000000007211790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc845bf16d3093892021-12-23 11:52:05.444root 11241100x80000000000000007211791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0dd69b3cb0cfbd2021-12-23 11:52:05.943root 11241100x80000000000000007211792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcd819700c48f3b2021-12-23 11:52:05.943root 11241100x80000000000000007211793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab3cf52cf38b22c2021-12-23 11:52:05.943root 11241100x80000000000000007211794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38facb196474d9e2021-12-23 11:52:05.943root 11241100x80000000000000007211795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6b3d1d56969b2f2021-12-23 11:52:05.943root 11241100x80000000000000007211796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67d1fdfc8d667d62021-12-23 11:52:05.943root 11241100x80000000000000007211797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6be0161a7612fc2021-12-23 11:52:05.943root 11241100x80000000000000007211798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac54b31f30c94022021-12-23 11:52:05.943root 11241100x80000000000000007211799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a835e2c8ba96882021-12-23 11:52:05.943root 11241100x80000000000000007211800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b0018de32a43af2021-12-23 11:52:05.943root 11241100x80000000000000007211801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4098003b3fea6d462021-12-23 11:52:05.943root 11241100x80000000000000007211802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b9efd946147b8e2021-12-23 11:52:05.943root 11241100x80000000000000007211803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78e127850dd20b42021-12-23 11:52:05.944root 11241100x80000000000000007211804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0aee3a4eca11e552021-12-23 11:52:05.944root 11241100x80000000000000007211805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f2021c04886af42021-12-23 11:52:05.944root 11241100x80000000000000007211806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883625b822e737472021-12-23 11:52:05.944root 11241100x80000000000000007211807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5993edfdc0396372021-12-23 11:52:05.944root 11241100x80000000000000007211808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b647d3e7f42c77c22021-12-23 11:52:06.443root 11241100x80000000000000007211809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627b736421426a422021-12-23 11:52:06.443root 11241100x80000000000000007211810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b6b97249594a052021-12-23 11:52:06.443root 11241100x80000000000000007211811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e42f5677336b33d2021-12-23 11:52:06.443root 11241100x80000000000000007211812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9709e74f3644eab2021-12-23 11:52:06.443root 11241100x80000000000000007211813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2b1f863cfac88e2021-12-23 11:52:06.443root 11241100x80000000000000007211814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a77e818b84f03082021-12-23 11:52:06.443root 11241100x80000000000000007211815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0918cd41d7eb0f72021-12-23 11:52:06.444root 11241100x80000000000000007211816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ec7996a60c242e2021-12-23 11:52:06.444root 11241100x80000000000000007211817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5d1f946798fe3a2021-12-23 11:52:06.444root 11241100x80000000000000007211818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a641e430493ac6e2021-12-23 11:52:06.444root 11241100x80000000000000007211819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b97b8101129a002021-12-23 11:52:06.444root 11241100x80000000000000007211820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed74bcc2c4b375e22021-12-23 11:52:06.444root 11241100x80000000000000007211821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edec8aeb6458b99d2021-12-23 11:52:06.444root 11241100x80000000000000007211822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0df72ce1fde663c2021-12-23 11:52:06.444root 11241100x80000000000000007211823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00be706e09f1d972021-12-23 11:52:06.444root 11241100x80000000000000007211824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f021a482fb01ffe22021-12-23 11:52:06.444root 11241100x80000000000000007211825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a91085d1a4ebc932021-12-23 11:52:06.943root 11241100x80000000000000007211826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9489d216efb30f32021-12-23 11:52:06.943root 11241100x80000000000000007211827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a907aa9be4bd0e2021-12-23 11:52:06.943root 11241100x80000000000000007211828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86e513055b9d7e62021-12-23 11:52:06.943root 11241100x80000000000000007211829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adbb5f72678528d2021-12-23 11:52:06.943root 11241100x80000000000000007211830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5575868949d400392021-12-23 11:52:06.944root 11241100x80000000000000007211831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20190dd32526cfb12021-12-23 11:52:06.944root 11241100x80000000000000007211832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8942bdf47ee06ff2021-12-23 11:52:06.944root 11241100x80000000000000007211833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bed6b0f614758b52021-12-23 11:52:06.944root 11241100x80000000000000007211834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c90d7df2af3c782021-12-23 11:52:06.944root 11241100x80000000000000007211835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e915cd52a8b52f2021-12-23 11:52:06.944root 11241100x80000000000000007211836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096f359b3586badd2021-12-23 11:52:06.944root 11241100x80000000000000007211837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc810117c099dc6d2021-12-23 11:52:06.944root 11241100x80000000000000007211838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8eeba14e8e668962021-12-23 11:52:06.944root 11241100x80000000000000007211839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9cac51e9e25f772021-12-23 11:52:06.944root 11241100x80000000000000007211840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470a691fba922fae2021-12-23 11:52:06.944root 11241100x80000000000000007211841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac47d9668fbf4282021-12-23 11:52:06.944root 354300x80000000000000007211842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.093{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33772-false10.0.1.12-8000- 11241100x80000000000000007211843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ccc62bf0436b252021-12-23 11:52:07.443root 11241100x80000000000000007211844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39189795634b21b32021-12-23 11:52:07.443root 11241100x80000000000000007211845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d84e182a7cd9512021-12-23 11:52:07.444root 11241100x80000000000000007211846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd280645ae3e60a2021-12-23 11:52:07.444root 11241100x80000000000000007211847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96122ef34de96ff32021-12-23 11:52:07.444root 11241100x80000000000000007211848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7898ca6a397cbc32021-12-23 11:52:07.444root 11241100x80000000000000007211849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603f51939914beb32021-12-23 11:52:07.444root 11241100x80000000000000007211850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16a351110e33f0f2021-12-23 11:52:07.444root 11241100x80000000000000007211851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c238153be6eee91c2021-12-23 11:52:07.444root 11241100x80000000000000007211852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591e312fcf8ec5442021-12-23 11:52:07.444root 11241100x80000000000000007211853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a221a67d448c1ce2021-12-23 11:52:07.444root 11241100x80000000000000007211854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63960cc3bf98fc82021-12-23 11:52:07.444root 11241100x80000000000000007211855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9361dba6e4bcfb812021-12-23 11:52:07.444root 11241100x80000000000000007211856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed87786e417bf3c62021-12-23 11:52:07.444root 11241100x80000000000000007211857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefce7259f3db2b72021-12-23 11:52:07.445root 11241100x80000000000000007211858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516b7dbd75f629172021-12-23 11:52:07.445root 11241100x80000000000000007211859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee8c4b2adbdd9d32021-12-23 11:52:07.445root 11241100x80000000000000007211860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5183688b179497e62021-12-23 11:52:07.445root 11241100x80000000000000007211861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6f12f98eca21402021-12-23 11:52:07.943root 11241100x80000000000000007211862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c22b54516cfd1c52021-12-23 11:52:07.943root 11241100x80000000000000007211863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4ec978136c1d5c2021-12-23 11:52:07.943root 11241100x80000000000000007211864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1316b51a3b2b332021-12-23 11:52:07.943root 11241100x80000000000000007211865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535f11db520b264b2021-12-23 11:52:07.943root 11241100x80000000000000007211866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a44c34dd34a70a2021-12-23 11:52:07.944root 11241100x80000000000000007211867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241fdbb96d3cdcc32021-12-23 11:52:07.944root 11241100x80000000000000007211868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b23965a1cd0f2752021-12-23 11:52:07.944root 11241100x80000000000000007211869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3da2624922429c12021-12-23 11:52:07.944root 11241100x80000000000000007211870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36440dc3df4d448b2021-12-23 11:52:07.944root 11241100x80000000000000007211871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f09053ba0086492021-12-23 11:52:07.944root 11241100x80000000000000007211872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f42831fca060cc2021-12-23 11:52:07.944root 11241100x80000000000000007211873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd85f1bf5cadd93b2021-12-23 11:52:07.944root 11241100x80000000000000007211874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba91a622df48bcc92021-12-23 11:52:07.944root 11241100x80000000000000007211875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db79001a42f573c2021-12-23 11:52:07.944root 11241100x80000000000000007211876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35362ab4c8ac65092021-12-23 11:52:07.944root 11241100x80000000000000007211877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918377058e4542172021-12-23 11:52:07.944root 11241100x80000000000000007211878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3078275651abec5c2021-12-23 11:52:07.944root 11241100x80000000000000007211879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1735033aefdb9d062021-12-23 11:52:08.443root 11241100x80000000000000007211880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244cb08d6e9ada432021-12-23 11:52:08.443root 11241100x80000000000000007211881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b9eb263c397e2f2021-12-23 11:52:08.443root 11241100x80000000000000007211882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e42570d40edaeb2021-12-23 11:52:08.443root 11241100x80000000000000007211883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eaf9c15ac179ec72021-12-23 11:52:08.443root 11241100x80000000000000007211884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5406db3a2c4e1e2021-12-23 11:52:08.444root 11241100x80000000000000007211885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61459e3e36afcc872021-12-23 11:52:08.444root 11241100x80000000000000007211886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a6e251e5c2488f2021-12-23 11:52:08.444root 11241100x80000000000000007211887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d893fd5298b09c2021-12-23 11:52:08.444root 11241100x80000000000000007211888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49eff4315e2436572021-12-23 11:52:08.444root 11241100x80000000000000007211889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f6e56888e704f12021-12-23 11:52:08.444root 11241100x80000000000000007211890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a034e8f4f7d34bd2021-12-23 11:52:08.444root 11241100x80000000000000007211891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed76560d31a03af2021-12-23 11:52:08.444root 11241100x80000000000000007211892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe6273830efb9ab2021-12-23 11:52:08.444root 11241100x80000000000000007211893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ff9f5a6e72084e2021-12-23 11:52:08.444root 11241100x80000000000000007211894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39efb34b11c92812021-12-23 11:52:08.444root 11241100x80000000000000007211895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39f720dd6b0b1722021-12-23 11:52:08.444root 11241100x80000000000000007211896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678594573bc7bc9a2021-12-23 11:52:08.445root 11241100x80000000000000007211897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06425ab05a28b112021-12-23 11:52:08.943root 11241100x80000000000000007211898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dbea642c7ea68e2021-12-23 11:52:08.943root 11241100x80000000000000007211899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22e7291a89214982021-12-23 11:52:08.943root 11241100x80000000000000007211900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2d0c203308a3442021-12-23 11:52:08.943root 11241100x80000000000000007211901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce27bac850455b942021-12-23 11:52:08.944root 11241100x80000000000000007211902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4679799b2616dbd2021-12-23 11:52:08.944root 11241100x80000000000000007211903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04da3e0f7c46b4c02021-12-23 11:52:08.944root 11241100x80000000000000007211904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c005c210518b81932021-12-23 11:52:08.944root 11241100x80000000000000007211905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2c739dc0a6a0602021-12-23 11:52:08.944root 11241100x80000000000000007211906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668e38a8a8ccb23d2021-12-23 11:52:08.944root 11241100x80000000000000007211907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14758937d854d4762021-12-23 11:52:08.944root 11241100x80000000000000007211908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21862e41a7275ee92021-12-23 11:52:08.944root 11241100x80000000000000007211909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2264469f18fbac2021-12-23 11:52:08.944root 11241100x80000000000000007211910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbec9eded182b0f92021-12-23 11:52:08.944root 11241100x80000000000000007211911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f5ef2fdf2c05342021-12-23 11:52:08.944root 11241100x80000000000000007211912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8283ff4de8e257eb2021-12-23 11:52:08.944root 11241100x80000000000000007211913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3a6e190c843e562021-12-23 11:52:08.945root 11241100x80000000000000007211914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e429c4b4fb066b2021-12-23 11:52:08.945root 11241100x80000000000000007211915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62a015afb6b70652021-12-23 11:52:09.443root 11241100x80000000000000007211916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee196583136df452021-12-23 11:52:09.443root 11241100x80000000000000007211917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8987ce97b14fc02021-12-23 11:52:09.443root 11241100x80000000000000007211918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea317b1fa98b0912021-12-23 11:52:09.443root 11241100x80000000000000007211919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5df70ea06eb90bb2021-12-23 11:52:09.444root 11241100x80000000000000007211920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f44618f37b2c8cb2021-12-23 11:52:09.444root 11241100x80000000000000007211921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbbb04cf11a27d32021-12-23 11:52:09.444root 11241100x80000000000000007211922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a643108716da4d2021-12-23 11:52:09.444root 11241100x80000000000000007211923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c77045829807b622021-12-23 11:52:09.444root 11241100x80000000000000007211924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa87f233733d0632021-12-23 11:52:09.444root 11241100x80000000000000007211925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97a6438533cc4ed2021-12-23 11:52:09.444root 11241100x80000000000000007211926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7de72c2660f7c52021-12-23 11:52:09.444root 11241100x80000000000000007211927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466da13c93c483e72021-12-23 11:52:09.444root 11241100x80000000000000007211928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b92c04cf50103b22021-12-23 11:52:09.444root 11241100x80000000000000007211929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339880e947a471ca2021-12-23 11:52:09.444root 11241100x80000000000000007211930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bd5f0c739c50e12021-12-23 11:52:09.444root 11241100x80000000000000007211931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6658709b78da7552021-12-23 11:52:09.445root 11241100x80000000000000007211932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6a32bdb922c1f32021-12-23 11:52:09.445root 11241100x80000000000000007211933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42ea819de67f70f2021-12-23 11:52:09.943root 11241100x80000000000000007211934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a6545f0a4eebe42021-12-23 11:52:09.943root 11241100x80000000000000007211935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbd2be712c265ef2021-12-23 11:52:09.943root 11241100x80000000000000007211936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaff26ad555d5022021-12-23 11:52:09.943root 11241100x80000000000000007211937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23adbed25289e6182021-12-23 11:52:09.943root 11241100x80000000000000007211938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38420ec25fd7f5922021-12-23 11:52:09.943root 11241100x80000000000000007211939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb73917e8cf30062021-12-23 11:52:09.943root 11241100x80000000000000007211940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17bf4701f6e28a32021-12-23 11:52:09.943root 11241100x80000000000000007211941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae75588d5540c5a2021-12-23 11:52:09.943root 11241100x80000000000000007211942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaf7c2a0ecc3ab72021-12-23 11:52:09.944root 11241100x80000000000000007211943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250097a268df6ee62021-12-23 11:52:09.944root 11241100x80000000000000007211944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd13236f316c60d2021-12-23 11:52:09.944root 11241100x80000000000000007211945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e3988da10883f52021-12-23 11:52:09.944root 11241100x80000000000000007211946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb52814322724f7c2021-12-23 11:52:09.944root 11241100x80000000000000007211947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40695a84d3a8eb62021-12-23 11:52:09.945root 11241100x80000000000000007211948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c97ca9868d6c5b2021-12-23 11:52:09.945root 11241100x80000000000000007211949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb430103fef25f642021-12-23 11:52:09.945root 11241100x80000000000000007211950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23b41ca214d4f6f2021-12-23 11:52:09.945root 11241100x80000000000000007211951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54c5746ef41a99d2021-12-23 11:52:10.443root 11241100x80000000000000007211952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8732e7c665653a92021-12-23 11:52:10.443root 11241100x80000000000000007211953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfd73b94c7680072021-12-23 11:52:10.443root 11241100x80000000000000007211954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3269c0b013e5da2021-12-23 11:52:10.443root 11241100x80000000000000007211955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4f57c9996371dc2021-12-23 11:52:10.443root 11241100x80000000000000007211956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dea71851237feac2021-12-23 11:52:10.443root 11241100x80000000000000007211957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba5db0af5db42782021-12-23 11:52:10.443root 11241100x80000000000000007211958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfe48ad3c8e2aa12021-12-23 11:52:10.443root 11241100x80000000000000007211959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47868902f6193ce12021-12-23 11:52:10.444root 11241100x80000000000000007211960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adbe6b72fef01112021-12-23 11:52:10.444root 11241100x80000000000000007211961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469005b5067858482021-12-23 11:52:10.444root 11241100x80000000000000007211962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e8520c6e811ab52021-12-23 11:52:10.444root 11241100x80000000000000007211963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0520880ae8d0e5f22021-12-23 11:52:10.444root 11241100x80000000000000007211964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cf98f05e25c61d2021-12-23 11:52:10.444root 11241100x80000000000000007211965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c4eb6ab4ea511c2021-12-23 11:52:10.444root 11241100x80000000000000007211966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d53486f7e7f1e9b2021-12-23 11:52:10.444root 11241100x80000000000000007211967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552d257be08236b62021-12-23 11:52:10.444root 11241100x80000000000000007211968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085a19e42812e43a2021-12-23 11:52:10.445root 11241100x80000000000000007211969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ed03a1ae1a81392021-12-23 11:52:10.943root 11241100x80000000000000007211970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee77728cb4cee5882021-12-23 11:52:10.943root 11241100x80000000000000007211971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18649366d3afd8342021-12-23 11:52:10.943root 11241100x80000000000000007211972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198238084941a9af2021-12-23 11:52:10.943root 11241100x80000000000000007211973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e59cfecdf5e5fec2021-12-23 11:52:10.943root 11241100x80000000000000007211974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6c69421ce70cbb2021-12-23 11:52:10.944root 11241100x80000000000000007211975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153975143b1cd0222021-12-23 11:52:10.944root 11241100x80000000000000007211976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8156a0491f2fdb82021-12-23 11:52:10.944root 11241100x80000000000000007211977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7587e1be5e4ef94c2021-12-23 11:52:10.944root 11241100x80000000000000007211978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8894022553a606352021-12-23 11:52:10.944root 11241100x80000000000000007211979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbe3eb46dc53f992021-12-23 11:52:10.944root 11241100x80000000000000007211980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd318b2b4ce511b62021-12-23 11:52:10.944root 11241100x80000000000000007211981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfd6d65240c57d02021-12-23 11:52:10.944root 11241100x80000000000000007211982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b01afd40eb9ce572021-12-23 11:52:10.944root 11241100x80000000000000007211983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6896e1559a94d4b32021-12-23 11:52:10.944root 11241100x80000000000000007211984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db473036290796ca2021-12-23 11:52:10.944root 11241100x80000000000000007211985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93041c8c726fb9112021-12-23 11:52:10.944root 11241100x80000000000000007211986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf2228a6acfa0f02021-12-23 11:52:10.944root 11241100x80000000000000007211987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3777a605acc9ad12021-12-23 11:52:11.443root 11241100x80000000000000007211988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a6369d51649ad82021-12-23 11:52:11.443root 11241100x80000000000000007211989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252f654b1c48ad942021-12-23 11:52:11.443root 11241100x80000000000000007211990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1980a653d9d6022021-12-23 11:52:11.443root 11241100x80000000000000007211991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253a0382fcb538b62021-12-23 11:52:11.443root 11241100x80000000000000007211992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3834d24f964df72021-12-23 11:52:11.443root 11241100x80000000000000007211993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3cb0422c2cf7132021-12-23 11:52:11.444root 11241100x80000000000000007211994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178b4d74cc1547c52021-12-23 11:52:11.444root 11241100x80000000000000007211995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e865bba133fed4ca2021-12-23 11:52:11.444root 11241100x80000000000000007211996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9d73880531f67e2021-12-23 11:52:11.444root 11241100x80000000000000007211997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c949ae58bbb6d4d2021-12-23 11:52:11.444root 11241100x80000000000000007211998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f5f2ec950a92c82021-12-23 11:52:11.444root 11241100x80000000000000007211999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87b9a1010bc3b2f2021-12-23 11:52:11.444root 11241100x80000000000000007212000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118adfed56cfd9d02021-12-23 11:52:11.444root 11241100x80000000000000007212001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43ed3acfc7e69be2021-12-23 11:52:11.444root 11241100x80000000000000007212002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942faad859749b412021-12-23 11:52:11.444root 11241100x80000000000000007212003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b2c8a66c45ef032021-12-23 11:52:11.444root 11241100x80000000000000007212004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d20efc2478d1b92021-12-23 11:52:11.444root 11241100x80000000000000007212005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96531b95339b7642021-12-23 11:52:11.943root 11241100x80000000000000007212006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee8184ca70f98652021-12-23 11:52:11.943root 11241100x80000000000000007212007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0469aaa52f5175e62021-12-23 11:52:11.943root 11241100x80000000000000007212008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bdb56e4d6ecbe12021-12-23 11:52:11.943root 11241100x80000000000000007212009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fb9714c73438152021-12-23 11:52:11.943root 11241100x80000000000000007212010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e5cdf9c4cfc9d32021-12-23 11:52:11.943root 11241100x80000000000000007212011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e45864fb896168b2021-12-23 11:52:11.943root 11241100x80000000000000007212012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ffe2a3a35578732021-12-23 11:52:11.943root 11241100x80000000000000007212013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccc4090fabe9fa82021-12-23 11:52:11.943root 11241100x80000000000000007212014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7640a02067b3217e2021-12-23 11:52:11.944root 11241100x80000000000000007212015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e171905981ccc9b2021-12-23 11:52:11.944root 11241100x80000000000000007212016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b631a66c82a3f9602021-12-23 11:52:11.944root 11241100x80000000000000007212017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b71394c8c0cd3e72021-12-23 11:52:11.944root 11241100x80000000000000007212018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b689291d834f88782021-12-23 11:52:11.944root 11241100x80000000000000007212019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb2f273f366687b2021-12-23 11:52:11.944root 11241100x80000000000000007212020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50d5973c13d505d2021-12-23 11:52:11.944root 11241100x80000000000000007212021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b30a3490401b9d92021-12-23 11:52:11.944root 11241100x80000000000000007212022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc66e108524fd7e42021-12-23 11:52:11.944root 354300x80000000000000007212023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.183{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33774-false10.0.1.12-8000- 11241100x80000000000000007212024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50504275fd5b05882021-12-23 11:52:12.443root 11241100x80000000000000007212025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae128336ce365d4e2021-12-23 11:52:12.443root 11241100x80000000000000007212026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b0d54ba53761382021-12-23 11:52:12.443root 11241100x80000000000000007212027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8e0a8fc40666762021-12-23 11:52:12.443root 11241100x80000000000000007212028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f725dd0bed3aafed2021-12-23 11:52:12.444root 11241100x80000000000000007212029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4377c2165bcaea482021-12-23 11:52:12.444root 11241100x80000000000000007212030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bebd9723252b1882021-12-23 11:52:12.444root 11241100x80000000000000007212031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21149563e910dfe12021-12-23 11:52:12.444root 11241100x80000000000000007212032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a246bec0e6e2022021-12-23 11:52:12.444root 11241100x80000000000000007212033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115e1854c706fa362021-12-23 11:52:12.444root 11241100x80000000000000007212034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d46c9965704c8c12021-12-23 11:52:12.444root 11241100x80000000000000007212035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c74d6196933e7c2021-12-23 11:52:12.444root 11241100x80000000000000007212036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7b7480d961886a2021-12-23 11:52:12.444root 11241100x80000000000000007212037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63118a34f42f40ad2021-12-23 11:52:12.444root 11241100x80000000000000007212038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820acd128cdf128a2021-12-23 11:52:12.444root 11241100x80000000000000007212039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af7545e8d7140c42021-12-23 11:52:12.444root 11241100x80000000000000007212040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42270c7de5557ce82021-12-23 11:52:12.445root 11241100x80000000000000007212041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19588dd4e6d4fe172021-12-23 11:52:12.445root 11241100x80000000000000007212042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e112f2f9f4136672021-12-23 11:52:12.445root 11241100x80000000000000007212043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fb79ded715ce132021-12-23 11:52:12.943root 11241100x80000000000000007212044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8948e24e7a743b2021-12-23 11:52:12.943root 11241100x80000000000000007212045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e315258a86b48ea2021-12-23 11:52:12.943root 11241100x80000000000000007212046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5fcde2a8b4ab2e2021-12-23 11:52:12.944root 11241100x80000000000000007212047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bfe36a877a36862021-12-23 11:52:12.944root 11241100x80000000000000007212048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad5e170dec16f322021-12-23 11:52:12.944root 11241100x80000000000000007212049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9844c9ebb707c95b2021-12-23 11:52:12.944root 11241100x80000000000000007212050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b315c19ae81b51c2021-12-23 11:52:12.944root 11241100x80000000000000007212051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44a0579425ff33d2021-12-23 11:52:12.944root 11241100x80000000000000007212052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1459a26ecd9768672021-12-23 11:52:12.944root 11241100x80000000000000007212053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32903103d1b992b32021-12-23 11:52:12.944root 11241100x80000000000000007212054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6a5fceb6cfa87d2021-12-23 11:52:12.944root 11241100x80000000000000007212055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52bd6d55f48d3332021-12-23 11:52:12.945root 11241100x80000000000000007212056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf991aac2e7b0ba2021-12-23 11:52:12.945root 11241100x80000000000000007212057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0775a9ae3fe0ce102021-12-23 11:52:12.945root 11241100x80000000000000007212058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5ecfd55c68cefb2021-12-23 11:52:12.945root 11241100x80000000000000007212059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8afea418b654cb2021-12-23 11:52:12.945root 11241100x80000000000000007212060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417c1c31d04eb8842021-12-23 11:52:12.945root 11241100x80000000000000007212061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288bcdda2bb8d6d42021-12-23 11:52:12.945root 11241100x80000000000000007212062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e082894facd1eb2021-12-23 11:52:13.443root 11241100x80000000000000007212063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3d8638fc0e93d42021-12-23 11:52:13.443root 11241100x80000000000000007212064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bad38f095d69df32021-12-23 11:52:13.443root 11241100x80000000000000007212065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b6b48479d043b72021-12-23 11:52:13.443root 11241100x80000000000000007212066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9f0d3231f0dce22021-12-23 11:52:13.443root 11241100x80000000000000007212067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a559f7e13f8dceae2021-12-23 11:52:13.443root 11241100x80000000000000007212068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ffd0cfbe67079a2021-12-23 11:52:13.444root 11241100x80000000000000007212069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c26f65d18cf29f2021-12-23 11:52:13.444root 11241100x80000000000000007212070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248b359950bf61602021-12-23 11:52:13.444root 11241100x80000000000000007212071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5da1d59572d819f2021-12-23 11:52:13.444root 11241100x80000000000000007212072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f780846e9819116d2021-12-23 11:52:13.444root 11241100x80000000000000007212073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2bdd9b09ca39a52021-12-23 11:52:13.444root 11241100x80000000000000007212074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22d15d431ed6ff72021-12-23 11:52:13.444root 11241100x80000000000000007212075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1e61f748db57cc2021-12-23 11:52:13.444root 11241100x80000000000000007212076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131e6066b7b7bcd82021-12-23 11:52:13.444root 11241100x80000000000000007212077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b290f70268b54c2021-12-23 11:52:13.444root 11241100x80000000000000007212078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43804a2be9be68462021-12-23 11:52:13.444root 11241100x80000000000000007212079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a8db4ee751adce2021-12-23 11:52:13.444root 11241100x80000000000000007212080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee1046345a523bd2021-12-23 11:52:13.444root 11241100x80000000000000007212081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e1e3b6184384f32021-12-23 11:52:13.943root 11241100x80000000000000007212082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129613e6204454512021-12-23 11:52:13.943root 11241100x80000000000000007212083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7d665209847d522021-12-23 11:52:13.943root 11241100x80000000000000007212084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5e69360c32637f2021-12-23 11:52:13.943root 11241100x80000000000000007212085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de56c0cae3d428752021-12-23 11:52:13.943root 11241100x80000000000000007212086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a1aeef4f7e71f42021-12-23 11:52:13.943root 11241100x80000000000000007212087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a083b735b3c62e2021-12-23 11:52:13.943root 11241100x80000000000000007212088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c768e246e1c3c032021-12-23 11:52:13.943root 11241100x80000000000000007212089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41440eebf3bb6ae02021-12-23 11:52:13.943root 11241100x80000000000000007212090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6aea5f63039b00c2021-12-23 11:52:13.943root 11241100x80000000000000007212091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06ef761364ac58b2021-12-23 11:52:13.943root 11241100x80000000000000007212092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f824132f889bac8e2021-12-23 11:52:13.944root 11241100x80000000000000007212093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfb1d3dfb2264572021-12-23 11:52:13.944root 11241100x80000000000000007212094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e700657c0c41dd5c2021-12-23 11:52:13.944root 11241100x80000000000000007212095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af57807df5596f2d2021-12-23 11:52:13.944root 11241100x80000000000000007212096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ed9b18ff7071df2021-12-23 11:52:13.944root 11241100x80000000000000007212097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e41eb10d4deccd92021-12-23 11:52:13.944root 11241100x80000000000000007212098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e74ca4f0ccfaa5a2021-12-23 11:52:13.944root 11241100x80000000000000007212099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d68277d3ac3bb1c2021-12-23 11:52:13.944root 11241100x80000000000000007212100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3b87414926df372021-12-23 11:52:14.443root 11241100x80000000000000007212101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4ab6e8081bf63b2021-12-23 11:52:14.443root 11241100x80000000000000007212102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad78163416f06b82021-12-23 11:52:14.443root 11241100x80000000000000007212103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a196507d0a68c42021-12-23 11:52:14.443root 11241100x80000000000000007212104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bd3800a73a1d4f2021-12-23 11:52:14.444root 11241100x80000000000000007212105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0412b9e0d01d8422021-12-23 11:52:14.444root 11241100x80000000000000007212106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af6e60f9e671b362021-12-23 11:52:14.444root 11241100x80000000000000007212107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a927466f2ea8411a2021-12-23 11:52:14.444root 11241100x80000000000000007212108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e2991cbe31d57e2021-12-23 11:52:14.444root 11241100x80000000000000007212109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89053b1a30df8f62021-12-23 11:52:14.444root 11241100x80000000000000007212110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372f69529c8fa0552021-12-23 11:52:14.444root 11241100x80000000000000007212111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1290279f2a60022021-12-23 11:52:14.444root 11241100x80000000000000007212112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667d1d1330ac1e272021-12-23 11:52:14.444root 11241100x80000000000000007212113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d6c449c1e7967e2021-12-23 11:52:14.444root 11241100x80000000000000007212114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58f70d243214b022021-12-23 11:52:14.444root 11241100x80000000000000007212115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad11adc22ca05c542021-12-23 11:52:14.445root 11241100x80000000000000007212116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a371d7c27ccb832021-12-23 11:52:14.445root 11241100x80000000000000007212117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae741f5f1270a242021-12-23 11:52:14.445root 11241100x80000000000000007212118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908ae20a43f77eb92021-12-23 11:52:14.445root 11241100x80000000000000007212119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb72073e9a433f32021-12-23 11:52:14.943root 11241100x80000000000000007212120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6378062d777cd92021-12-23 11:52:14.943root 11241100x80000000000000007212121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c39b7a4356ab322021-12-23 11:52:14.943root 11241100x80000000000000007212122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4088485a8ba752462021-12-23 11:52:14.943root 11241100x80000000000000007212123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbf53a0d96f04e12021-12-23 11:52:14.944root 11241100x80000000000000007212124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca49e8f1d788e982021-12-23 11:52:14.944root 11241100x80000000000000007212125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4ba082ee30b0232021-12-23 11:52:14.944root 11241100x80000000000000007212126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2807bb3a6a607eb2021-12-23 11:52:14.944root 11241100x80000000000000007212127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6475b2a84da44d8e2021-12-23 11:52:14.944root 11241100x80000000000000007212128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6425f126714ba7892021-12-23 11:52:14.944root 11241100x80000000000000007212129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f35258863491442021-12-23 11:52:14.944root 11241100x80000000000000007212130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccd7ddbb443223b2021-12-23 11:52:14.944root 11241100x80000000000000007212131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071329b8a266a2e32021-12-23 11:52:14.944root 11241100x80000000000000007212132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d68d770d169bdb2021-12-23 11:52:14.944root 11241100x80000000000000007212133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646c425ff8cf9a1b2021-12-23 11:52:14.944root 11241100x80000000000000007212134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fb7d2a8302662d2021-12-23 11:52:14.945root 11241100x80000000000000007212135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08725c0399f023c92021-12-23 11:52:14.945root 11241100x80000000000000007212136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2981d2b767980cb22021-12-23 11:52:14.945root 11241100x80000000000000007212137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49f7f6f978262d02021-12-23 11:52:14.945root 11241100x80000000000000007212138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10a92001ae117fd2021-12-23 11:52:15.443root 11241100x80000000000000007212139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bd9c7b870c32462021-12-23 11:52:15.443root 11241100x80000000000000007212140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d875c62a798f52ed2021-12-23 11:52:15.443root 11241100x80000000000000007212141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cfed14ef0f7b5a2021-12-23 11:52:15.443root 11241100x80000000000000007212142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ead3ab089b101ac2021-12-23 11:52:15.443root 11241100x80000000000000007212143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1541d60aa1a1ec472021-12-23 11:52:15.443root 11241100x80000000000000007212144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75ab7446b2c8fc22021-12-23 11:52:15.443root 11241100x80000000000000007212145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a301bf5c88248ab42021-12-23 11:52:15.444root 11241100x80000000000000007212146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d385b1660e8ef52021-12-23 11:52:15.444root 11241100x80000000000000007212147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9897f1c51c8f11d2021-12-23 11:52:15.444root 11241100x80000000000000007212148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e3b0eda547a8f22021-12-23 11:52:15.444root 11241100x80000000000000007212149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e60ea597cb092be2021-12-23 11:52:15.444root 11241100x80000000000000007212150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a729f2fd0aa2d7d32021-12-23 11:52:15.444root 11241100x80000000000000007212151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34577c638c0755c2021-12-23 11:52:15.444root 11241100x80000000000000007212152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05af88fd442fcdeb2021-12-23 11:52:15.444root 11241100x80000000000000007212153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8832ef0ad65b0e422021-12-23 11:52:15.444root 11241100x80000000000000007212154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b40ee0f5d0aab72021-12-23 11:52:15.444root 11241100x80000000000000007212155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c1294d10af8d482021-12-23 11:52:15.444root 11241100x80000000000000007212156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9e947dc26cf5482021-12-23 11:52:15.444root 11241100x80000000000000007212157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16ee6849bed0fbe2021-12-23 11:52:15.943root 11241100x80000000000000007212158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc7f65b3b72e5152021-12-23 11:52:15.943root 11241100x80000000000000007212159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc5530ff711ef992021-12-23 11:52:15.943root 11241100x80000000000000007212160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d565094dbf2378852021-12-23 11:52:15.943root 11241100x80000000000000007212161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2874d21466f5faa2021-12-23 11:52:15.944root 11241100x80000000000000007212162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69eb39177e5d5da72021-12-23 11:52:15.944root 11241100x80000000000000007212163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d724eb871e392d2021-12-23 11:52:15.944root 11241100x80000000000000007212164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84867a7e33db1f992021-12-23 11:52:15.944root 11241100x80000000000000007212165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544ccfaf2e0a50592021-12-23 11:52:15.944root 11241100x80000000000000007212166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f858bbf4ce28782021-12-23 11:52:15.944root 11241100x80000000000000007212167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8544692a06570e0a2021-12-23 11:52:15.944root 11241100x80000000000000007212168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6cdf090d5a15132021-12-23 11:52:15.944root 11241100x80000000000000007212169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77e07ebe230757b2021-12-23 11:52:15.945root 11241100x80000000000000007212170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d2a4feea27696b2021-12-23 11:52:15.945root 11241100x80000000000000007212171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc003b47157d3592021-12-23 11:52:15.945root 11241100x80000000000000007212172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ca943735ff9f062021-12-23 11:52:15.945root 11241100x80000000000000007212173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa88c2cef7319342021-12-23 11:52:15.945root 11241100x80000000000000007212174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274131b7de7f29892021-12-23 11:52:15.945root 11241100x80000000000000007212175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a543fe0c4b56f43c2021-12-23 11:52:15.945root 11241100x80000000000000007212176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b684cc0778dcb59b2021-12-23 11:52:16.446root 11241100x80000000000000007212177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708b2b6f82ff33762021-12-23 11:52:16.446root 11241100x80000000000000007212178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eee821043ba0e5b2021-12-23 11:52:16.446root 11241100x80000000000000007212179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df60931035073952021-12-23 11:52:16.446root 11241100x80000000000000007212180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00afb105d02ab84d2021-12-23 11:52:16.447root 11241100x80000000000000007212181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0336cb6bc7fa9a232021-12-23 11:52:16.447root 11241100x80000000000000007212182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b310677d50104f2021-12-23 11:52:16.447root 11241100x80000000000000007212183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39434a72120dbe72021-12-23 11:52:16.447root 11241100x80000000000000007212184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3224acb58877842d2021-12-23 11:52:16.447root 11241100x80000000000000007212185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abc77c686b11fc12021-12-23 11:52:16.447root 11241100x80000000000000007212186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7231e00da3378f22021-12-23 11:52:16.447root 11241100x80000000000000007212187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794f69dd02645dd02021-12-23 11:52:16.447root 11241100x80000000000000007212188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38853dc3e545a132021-12-23 11:52:16.447root 11241100x80000000000000007212189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0b7c7f648b97f62021-12-23 11:52:16.447root 11241100x80000000000000007212190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010e47fb7ea850452021-12-23 11:52:16.447root 11241100x80000000000000007212191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1175b8e3ed13812021-12-23 11:52:16.447root 11241100x80000000000000007212192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fed3394943e8e42021-12-23 11:52:16.447root 11241100x80000000000000007212193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1aa842e9e6c2a92021-12-23 11:52:16.447root 11241100x80000000000000007212194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd2cf30aa3dd4692021-12-23 11:52:16.448root 11241100x80000000000000007212195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4331a4e22e59863b2021-12-23 11:52:16.942root 11241100x80000000000000007212196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e96c5e2de30b312021-12-23 11:52:16.943root 11241100x80000000000000007212197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc7a73edaf9f6fa2021-12-23 11:52:16.943root 11241100x80000000000000007212198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b7fd95151ee5392021-12-23 11:52:16.943root 11241100x80000000000000007212199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ed9aa48b135c4b2021-12-23 11:52:16.943root 11241100x80000000000000007212200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6276277e5c0537442021-12-23 11:52:16.943root 11241100x80000000000000007212201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3f498aedda71ec2021-12-23 11:52:16.943root 11241100x80000000000000007212202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58656c021e74c872021-12-23 11:52:16.943root 11241100x80000000000000007212203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe5695a89fd3f032021-12-23 11:52:16.943root 11241100x80000000000000007212204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74fc2a201e3c6d82021-12-23 11:52:16.944root 11241100x80000000000000007212205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cb1e2fefc86bbb2021-12-23 11:52:16.944root 11241100x80000000000000007212206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30ab3eff1dadebd2021-12-23 11:52:16.944root 11241100x80000000000000007212207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a4e10b04809d332021-12-23 11:52:16.944root 11241100x80000000000000007212208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8f1206489f030a2021-12-23 11:52:16.944root 11241100x80000000000000007212209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140e882a057d4e532021-12-23 11:52:16.944root 11241100x80000000000000007212210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e411f885a0540a2021-12-23 11:52:16.945root 11241100x80000000000000007212211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c2173ec6cc8c292021-12-23 11:52:16.945root 11241100x80000000000000007212212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b9fadfbdcd6c982021-12-23 11:52:16.945root 11241100x80000000000000007212213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db9c3d4b439372c2021-12-23 11:52:16.945root 11241100x80000000000000007212214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e600de1deeccb642021-12-23 11:52:17.442root 11241100x80000000000000007212215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ae0319f9c5c8fe2021-12-23 11:52:17.443root 11241100x80000000000000007212216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0943ff8adb3411702021-12-23 11:52:17.443root 11241100x80000000000000007212217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db092e27c66368122021-12-23 11:52:17.443root 11241100x80000000000000007212218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e24f8f63c80c752021-12-23 11:52:17.443root 11241100x80000000000000007212219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99da032d97a428912021-12-23 11:52:17.443root 11241100x80000000000000007212220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633a2cba2e2121392021-12-23 11:52:17.443root 11241100x80000000000000007212221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f4b72921a3d4e12021-12-23 11:52:17.444root 11241100x80000000000000007212222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1930e2beec0ffd2021-12-23 11:52:17.444root 11241100x80000000000000007212223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baddccf2b9d377912021-12-23 11:52:17.444root 11241100x80000000000000007212224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50939e8b75163882021-12-23 11:52:17.445root 11241100x80000000000000007212225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f6a8614ad500bf2021-12-23 11:52:17.445root 11241100x80000000000000007212226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e323dd4bd13df72021-12-23 11:52:17.445root 11241100x80000000000000007212227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e56f39a4bef4ff22021-12-23 11:52:17.445root 11241100x80000000000000007212228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33025c92c157374c2021-12-23 11:52:17.445root 11241100x80000000000000007212229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adf13f0408568242021-12-23 11:52:17.445root 11241100x80000000000000007212230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfda0277e6d67fc2021-12-23 11:52:17.445root 11241100x80000000000000007212231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4586eec9f3a5e1b2021-12-23 11:52:17.446root 11241100x80000000000000007212232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5af7c8a281ec5f22021-12-23 11:52:17.446root 11241100x80000000000000007212233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d5e3f7e54f8f0f2021-12-23 11:52:17.943root 11241100x80000000000000007212234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1519c1c89484c1c12021-12-23 11:52:17.943root 11241100x80000000000000007212235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac96ab29287041f2021-12-23 11:52:17.943root 11241100x80000000000000007212236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2123cb19db9456d92021-12-23 11:52:17.943root 11241100x80000000000000007212237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c654ecdd95f6a362021-12-23 11:52:17.943root 11241100x80000000000000007212238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9ec7754119bc6d2021-12-23 11:52:17.943root 11241100x80000000000000007212239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbca4f350f7347d62021-12-23 11:52:17.943root 11241100x80000000000000007212240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856f7e8ce835880a2021-12-23 11:52:17.943root 11241100x80000000000000007212241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ea116d04122e552021-12-23 11:52:17.943root 11241100x80000000000000007212242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79df6384423c1602021-12-23 11:52:17.943root 11241100x80000000000000007212243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e73f330926a7212021-12-23 11:52:17.943root 11241100x80000000000000007212244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02377ccd4fe5dedf2021-12-23 11:52:17.944root 11241100x80000000000000007212245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1e331e02adab1e2021-12-23 11:52:17.944root 11241100x80000000000000007212246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7858df61307b1c22021-12-23 11:52:17.944root 11241100x80000000000000007212247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f242f0f5e1cdb1992021-12-23 11:52:17.944root 11241100x80000000000000007212248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c255df2631da34f2021-12-23 11:52:17.944root 11241100x80000000000000007212249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1f680cef2e9f442021-12-23 11:52:17.944root 11241100x80000000000000007212250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b5ebbd04348d2d2021-12-23 11:52:17.944root 11241100x80000000000000007212251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9c7a6408e80fdc2021-12-23 11:52:17.944root 354300x80000000000000007212252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.034{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33776-false10.0.1.12-8000- 11241100x80000000000000007212253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaea3e8d19a9e9d2021-12-23 11:52:18.443root 11241100x80000000000000007212254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906b1fbfb65cb43f2021-12-23 11:52:18.443root 11241100x80000000000000007212255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11137ec91c7a2ad42021-12-23 11:52:18.443root 11241100x80000000000000007212256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfd160987c30d212021-12-23 11:52:18.443root 11241100x80000000000000007212257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41971b7af9695932021-12-23 11:52:18.443root 11241100x80000000000000007212258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c554377b97f77e2021-12-23 11:52:18.443root 11241100x80000000000000007212259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da28e58eef73b4c72021-12-23 11:52:18.443root 11241100x80000000000000007212260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b979cb019507e7832021-12-23 11:52:18.443root 11241100x80000000000000007212261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c8cad30d761bf72021-12-23 11:52:18.443root 11241100x80000000000000007212262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c2e4f92cbe94132021-12-23 11:52:18.443root 11241100x80000000000000007212263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b597eab38284bf7f2021-12-23 11:52:18.443root 11241100x80000000000000007212264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742132a2a1620c352021-12-23 11:52:18.444root 11241100x80000000000000007212265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653249d4b73ccf662021-12-23 11:52:18.444root 11241100x80000000000000007212266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc839e4c511741d2021-12-23 11:52:18.444root 11241100x80000000000000007212267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc13bd377cfbe3e2021-12-23 11:52:18.444root 11241100x80000000000000007212268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1701632d2bce6d992021-12-23 11:52:18.444root 11241100x80000000000000007212269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d061907deae5fba2021-12-23 11:52:18.444root 11241100x80000000000000007212270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d75aba2c4500ac72021-12-23 11:52:18.444root 11241100x80000000000000007212271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e9b65b569e44a62021-12-23 11:52:18.444root 11241100x80000000000000007212272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf39813c263e64902021-12-23 11:52:18.444root 11241100x80000000000000007212273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c112833bf8b8612021-12-23 11:52:18.444root 11241100x80000000000000007212274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118497144a7e2f682021-12-23 11:52:18.444root 11241100x80000000000000007212275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9877f9450eba15a62021-12-23 11:52:18.445root 11241100x80000000000000007212276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142290943025efed2021-12-23 11:52:18.445root 11241100x80000000000000007212277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6342f1ebb5cf04e52021-12-23 11:52:18.445root 11241100x80000000000000007212278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d019bab31392e92d2021-12-23 11:52:18.445root 11241100x80000000000000007212279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4983c30871cdea502021-12-23 11:52:18.445root 11241100x80000000000000007212280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e54a0298ca4e092021-12-23 11:52:18.445root 11241100x80000000000000007212281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49eda9de2e5b266c2021-12-23 11:52:18.445root 11241100x80000000000000007212282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87712abe0f98370c2021-12-23 11:52:18.943root 11241100x80000000000000007212283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aeac17751cb94c62021-12-23 11:52:18.943root 11241100x80000000000000007212284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f73b97bb16f0e612021-12-23 11:52:18.943root 11241100x80000000000000007212285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c31dfcb820602402021-12-23 11:52:18.943root 11241100x80000000000000007212286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d1aaafad04adf32021-12-23 11:52:18.944root 11241100x80000000000000007212287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e91409be43a9242021-12-23 11:52:18.944root 11241100x80000000000000007212288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad625a6418e3d7492021-12-23 11:52:18.944root 11241100x80000000000000007212289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e008d9cbca13fde2021-12-23 11:52:18.944root 11241100x80000000000000007212290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e262727d81f5fac12021-12-23 11:52:18.944root 11241100x80000000000000007212291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cf634efd0ca33c2021-12-23 11:52:18.944root 11241100x80000000000000007212292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c793aa970bbca74d2021-12-23 11:52:18.944root 11241100x80000000000000007212293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfcee17c9b3a6ec2021-12-23 11:52:18.944root 11241100x80000000000000007212294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d126528031a4df02021-12-23 11:52:18.944root 11241100x80000000000000007212295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74844c4ea26e4d972021-12-23 11:52:18.944root 11241100x80000000000000007212296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe95b385f0086482021-12-23 11:52:18.944root 11241100x80000000000000007212297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfe756281c300b12021-12-23 11:52:18.944root 11241100x80000000000000007212298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d9db2ce6520d802021-12-23 11:52:18.944root 11241100x80000000000000007212299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9272aa139fadfef22021-12-23 11:52:18.944root 11241100x80000000000000007212300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8eccf2923cab532021-12-23 11:52:18.944root 11241100x80000000000000007212301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b44e1da6f98efa2021-12-23 11:52:18.944root 11241100x80000000000000007212302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3c94a350269e172021-12-23 11:52:19.443root 11241100x80000000000000007212303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575a46f612f975cf2021-12-23 11:52:19.443root 11241100x80000000000000007212304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4562c33b307838ab2021-12-23 11:52:19.443root 11241100x80000000000000007212305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f4b1cd26641c162021-12-23 11:52:19.443root 11241100x80000000000000007212306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029c96b015bd2a5b2021-12-23 11:52:19.443root 11241100x80000000000000007212307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01169fe4485c4de32021-12-23 11:52:19.443root 11241100x80000000000000007212308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d6f084c03589ad2021-12-23 11:52:19.443root 11241100x80000000000000007212309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850a1f201418afba2021-12-23 11:52:19.443root 11241100x80000000000000007212310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e719e66832a4d9bb2021-12-23 11:52:19.443root 11241100x80000000000000007212311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f1ea10820944fc2021-12-23 11:52:19.443root 11241100x80000000000000007212312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a90164648d6b53e2021-12-23 11:52:19.444root 11241100x80000000000000007212313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7337dac3d200437e2021-12-23 11:52:19.444root 11241100x80000000000000007212314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5cdb786ef06fcd2021-12-23 11:52:19.444root 11241100x80000000000000007212315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0806aab2588bc7ee2021-12-23 11:52:19.444root 11241100x80000000000000007212316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4eaf9e60f6baac02021-12-23 11:52:19.444root 11241100x80000000000000007212317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb67a46322c1fe342021-12-23 11:52:19.444root 11241100x80000000000000007212318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b496531ce16a83c2021-12-23 11:52:19.444root 11241100x80000000000000007212319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63138634f6959ef02021-12-23 11:52:19.444root 11241100x80000000000000007212320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752661be31b76ada2021-12-23 11:52:19.444root 11241100x80000000000000007212321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b24ba86249cbf62021-12-23 11:52:19.444root 11241100x80000000000000007212322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467fbb63b30e81cd2021-12-23 11:52:19.942root 11241100x80000000000000007212323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c570cf5ad78875f32021-12-23 11:52:19.943root 11241100x80000000000000007212324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd45225acfdba2d62021-12-23 11:52:19.943root 11241100x80000000000000007212325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b66a10cf56237842021-12-23 11:52:19.943root 11241100x80000000000000007212326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c4ba88c4bd35b72021-12-23 11:52:19.943root 11241100x80000000000000007212327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9fc0c231f993ff2021-12-23 11:52:19.943root 11241100x80000000000000007212328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91505a0ec497af752021-12-23 11:52:19.943root 11241100x80000000000000007212329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c75acbe2de0e6932021-12-23 11:52:19.943root 11241100x80000000000000007212330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fedebf94f75f762021-12-23 11:52:19.943root 11241100x80000000000000007212331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c13e3d5d0ec6002021-12-23 11:52:19.943root 11241100x80000000000000007212332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be3be2ff629e6b72021-12-23 11:52:19.943root 11241100x80000000000000007212333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6fe68e5986a8282021-12-23 11:52:19.943root 11241100x80000000000000007212334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d24da4d076d7d72021-12-23 11:52:19.943root 11241100x80000000000000007212335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428e901eb1d467812021-12-23 11:52:19.943root 11241100x80000000000000007212336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac08ba836dc4f7902021-12-23 11:52:19.944root 11241100x80000000000000007212337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d061133ff3ffaf1b2021-12-23 11:52:19.944root 11241100x80000000000000007212338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e140113ccd7351442021-12-23 11:52:19.944root 11241100x80000000000000007212339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960d905b8d096e5b2021-12-23 11:52:19.944root 11241100x80000000000000007212340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d972df48ffd916202021-12-23 11:52:19.944root 11241100x80000000000000007212341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2f8039264c0ed02021-12-23 11:52:19.944root 11241100x80000000000000007212342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44399fde75f58c0e2021-12-23 11:52:19.944root 11241100x80000000000000007212343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7d1736f6358b702021-12-23 11:52:19.944root 11241100x80000000000000007212344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd787bc9f976e4f2021-12-23 11:52:19.944root 11241100x80000000000000007212345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846c55fa0c14e8a32021-12-23 11:52:20.443root 11241100x80000000000000007212346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29efac6cc2253ea72021-12-23 11:52:20.443root 11241100x80000000000000007212347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c48b44808cf2f582021-12-23 11:52:20.443root 11241100x80000000000000007212348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e044bfdf0a3ba48e2021-12-23 11:52:20.443root 11241100x80000000000000007212349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c452ca6ebc22a3752021-12-23 11:52:20.444root 11241100x80000000000000007212350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ebd3fb6c3550182021-12-23 11:52:20.444root 11241100x80000000000000007212351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f96536fc462cba82021-12-23 11:52:20.444root 11241100x80000000000000007212352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0fe6806b91490a2021-12-23 11:52:20.444root 11241100x80000000000000007212353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01a07670bf8f7ef2021-12-23 11:52:20.444root 11241100x80000000000000007212354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14d3a03cba41fc72021-12-23 11:52:20.444root 11241100x80000000000000007212355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86781c2f2a88674e2021-12-23 11:52:20.444root 11241100x80000000000000007212356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989ccd25ab0397222021-12-23 11:52:20.444root 11241100x80000000000000007212357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fe4bdce359c3fe2021-12-23 11:52:20.444root 11241100x80000000000000007212358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636b9cac5b564f6c2021-12-23 11:52:20.444root 11241100x80000000000000007212359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457760cd63f91fdd2021-12-23 11:52:20.444root 11241100x80000000000000007212360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0701771e9c40536f2021-12-23 11:52:20.444root 11241100x80000000000000007212361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bbce083b6e678f2021-12-23 11:52:20.444root 11241100x80000000000000007212362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32764e6d849f74a62021-12-23 11:52:20.444root 11241100x80000000000000007212363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8c6382a67ba2772021-12-23 11:52:20.445root 11241100x80000000000000007212364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be609524e5d6a4be2021-12-23 11:52:20.445root 11241100x80000000000000007212365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582f93b643ad74d72021-12-23 11:52:20.943root 11241100x80000000000000007212366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d758bea2015d6c572021-12-23 11:52:20.943root 11241100x80000000000000007212367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260342de1a51f1972021-12-23 11:52:20.943root 11241100x80000000000000007212368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52f6eb501d4bf1a2021-12-23 11:52:20.943root 11241100x80000000000000007212369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1774c18af70ab4742021-12-23 11:52:20.943root 11241100x80000000000000007212370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6381a3c5a9567bc12021-12-23 11:52:20.943root 11241100x80000000000000007212371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ecad4a953426612021-12-23 11:52:20.943root 11241100x80000000000000007212372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390d194402722cd82021-12-23 11:52:20.943root 11241100x80000000000000007212373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95d56ce7ebb0c1b2021-12-23 11:52:20.943root 11241100x80000000000000007212374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bcefd30ed606b02021-12-23 11:52:20.944root 11241100x80000000000000007212375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28326e1f60ce1d122021-12-23 11:52:20.944root 11241100x80000000000000007212376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29def5cfb5abfee32021-12-23 11:52:20.944root 11241100x80000000000000007212377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3d1f4da5f2e03a2021-12-23 11:52:20.944root 11241100x80000000000000007212378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5827981d842b082021-12-23 11:52:20.944root 11241100x80000000000000007212379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f15f81c33df7652021-12-23 11:52:20.944root 11241100x80000000000000007212380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e670185a1dbaf1002021-12-23 11:52:20.944root 11241100x80000000000000007212381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343ca1e96ffdea392021-12-23 11:52:20.944root 11241100x80000000000000007212382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df62b0030c719e32021-12-23 11:52:20.944root 11241100x80000000000000007212383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9031c3da2b9ec19e2021-12-23 11:52:20.944root 11241100x80000000000000007212384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71c4e509bded7a22021-12-23 11:52:20.944root 11241100x80000000000000007212385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc205a2fdf377442021-12-23 11:52:21.443root 11241100x80000000000000007212386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b363a85c0fdf3762021-12-23 11:52:21.443root 11241100x80000000000000007212387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62580f0139029d192021-12-23 11:52:21.443root 11241100x80000000000000007212388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a834dcb85c8121d92021-12-23 11:52:21.443root 11241100x80000000000000007212389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ed42a7746929712021-12-23 11:52:21.443root 11241100x80000000000000007212390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1a2c0673b285362021-12-23 11:52:21.443root 11241100x80000000000000007212391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0f283c4b23b4472021-12-23 11:52:21.443root 11241100x80000000000000007212392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9eeb8d19ef3c6a2021-12-23 11:52:21.444root 11241100x80000000000000007212393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2920a01439d7fbbc2021-12-23 11:52:21.444root 11241100x80000000000000007212394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaa74e8ffe4494e2021-12-23 11:52:21.444root 11241100x80000000000000007212395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f16aaf513328ea2021-12-23 11:52:21.444root 11241100x80000000000000007212396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1886454ca53d98a2021-12-23 11:52:21.444root 11241100x80000000000000007212397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfd031eef9974452021-12-23 11:52:21.444root 11241100x80000000000000007212398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8548c80dd0b5ef2021-12-23 11:52:21.444root 11241100x80000000000000007212399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd71b8d24d911942021-12-23 11:52:21.444root 11241100x80000000000000007212400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c930bd1348db465d2021-12-23 11:52:21.444root 11241100x80000000000000007212401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73da96a7c9ea6232021-12-23 11:52:21.444root 11241100x80000000000000007212402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffafebf271141c62021-12-23 11:52:21.444root 11241100x80000000000000007212403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd113e1d144384c2021-12-23 11:52:21.444root 11241100x80000000000000007212404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a630aab72d74f3812021-12-23 11:52:21.444root 11241100x80000000000000007212405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1afe749f10f296e2021-12-23 11:52:21.943root 11241100x80000000000000007212406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a386bcd8fe35a0062021-12-23 11:52:21.943root 11241100x80000000000000007212407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d664470cb8bb1582021-12-23 11:52:21.943root 11241100x80000000000000007212408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea60dce327bca102021-12-23 11:52:21.943root 11241100x80000000000000007212409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e9c574c20ec5302021-12-23 11:52:21.943root 11241100x80000000000000007212410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3abf04172b4fca92021-12-23 11:52:21.943root 11241100x80000000000000007212411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a92886d33f2ff132021-12-23 11:52:21.943root 11241100x80000000000000007212412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1abcf26165c5c842021-12-23 11:52:21.943root 11241100x80000000000000007212413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8c3675c3af81e22021-12-23 11:52:21.943root 11241100x80000000000000007212414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734b748e697222d62021-12-23 11:52:21.943root 11241100x80000000000000007212415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a160ba59695c536d2021-12-23 11:52:21.943root 11241100x80000000000000007212416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f661986bd6dc4cfa2021-12-23 11:52:21.943root 11241100x80000000000000007212417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d91c360af7fca502021-12-23 11:52:21.943root 11241100x80000000000000007212418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f1d264ba0cce062021-12-23 11:52:21.944root 11241100x80000000000000007212419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fb725485a180962021-12-23 11:52:21.944root 11241100x80000000000000007212420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369348728a324ea62021-12-23 11:52:21.944root 11241100x80000000000000007212421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2075735a5f0e8f2021-12-23 11:52:21.944root 11241100x80000000000000007212422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94243199b14671fe2021-12-23 11:52:21.944root 11241100x80000000000000007212423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da318e45d2f7fceb2021-12-23 11:52:21.944root 11241100x80000000000000007212424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124cbfee81413bae2021-12-23 11:52:21.944root 11241100x80000000000000007212425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81719779ef8953602021-12-23 11:52:21.944root 11241100x80000000000000007212426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22e697930f7f6082021-12-23 11:52:21.944root 11241100x80000000000000007212427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcd385bab3070a22021-12-23 11:52:21.944root 11241100x80000000000000007212428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696cfd36befcaaa92021-12-23 11:52:21.944root 11241100x80000000000000007212429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd15400d3c235832021-12-23 11:52:21.944root 11241100x80000000000000007212430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af9d3da274e5d482021-12-23 11:52:21.944root 11241100x80000000000000007212431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461f90284052e6d72021-12-23 11:52:22.442root 11241100x80000000000000007212432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9afa300720d31b2021-12-23 11:52:22.443root 11241100x80000000000000007212433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fff9a5f83cca812021-12-23 11:52:22.443root 11241100x80000000000000007212434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861ec740ac44c0df2021-12-23 11:52:22.443root 11241100x80000000000000007212435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391ddddc2237eb132021-12-23 11:52:22.443root 11241100x80000000000000007212436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29945579314843aa2021-12-23 11:52:22.443root 11241100x80000000000000007212437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da239bb07674d9112021-12-23 11:52:22.443root 11241100x80000000000000007212438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce219d66b04e57e2021-12-23 11:52:22.443root 11241100x80000000000000007212439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6737b8a66114d05b2021-12-23 11:52:22.443root 11241100x80000000000000007212440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c262d5e6cddd612021-12-23 11:52:22.443root 11241100x80000000000000007212441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2215cd450d8646d12021-12-23 11:52:22.443root 11241100x80000000000000007212442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785ffbe24a0478342021-12-23 11:52:22.444root 11241100x80000000000000007212443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5b0555258d21822021-12-23 11:52:22.444root 11241100x80000000000000007212444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aec84941fbcc9db2021-12-23 11:52:22.444root 11241100x80000000000000007212445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadbeca6ec77930d2021-12-23 11:52:22.444root 11241100x80000000000000007212446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da015f09d3482bd2021-12-23 11:52:22.444root 11241100x80000000000000007212447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4753254e31fb68822021-12-23 11:52:22.444root 11241100x80000000000000007212448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2912c40f9727dd9b2021-12-23 11:52:22.444root 11241100x80000000000000007212449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cb1d2cb09a47a22021-12-23 11:52:22.444root 11241100x80000000000000007212450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13553aa61d6773b62021-12-23 11:52:22.444root 11241100x80000000000000007212451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4f56894a3a9e092021-12-23 11:52:22.444root 11241100x80000000000000007212452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f46e88ecc1f9b32021-12-23 11:52:22.444root 11241100x80000000000000007212453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22fe5875f2c79752021-12-23 11:52:22.444root 11241100x80000000000000007212454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e0f59a50def2002021-12-23 11:52:22.445root 11241100x80000000000000007212455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c4ee44d5e310842021-12-23 11:52:22.445root 11241100x80000000000000007212456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f233e20cb9157a572021-12-23 11:52:22.445root 11241100x80000000000000007212457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba709af7c8aa3442021-12-23 11:52:22.445root 11241100x80000000000000007212458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab655c7d87c80d2e2021-12-23 11:52:22.943root 11241100x80000000000000007212459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40919c6e4eaa2ab2021-12-23 11:52:22.943root 11241100x80000000000000007212460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec4f2aca2903f602021-12-23 11:52:22.943root 11241100x80000000000000007212461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d65c2bd15cdccd2021-12-23 11:52:22.943root 11241100x80000000000000007212462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a45dce98eff3e0f2021-12-23 11:52:22.943root 11241100x80000000000000007212463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88798518c187dc92021-12-23 11:52:22.943root 11241100x80000000000000007212464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ee06cf145726b62021-12-23 11:52:22.943root 11241100x80000000000000007212465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8714175c9b7b9ff2021-12-23 11:52:22.943root 11241100x80000000000000007212466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8403dfecb8cd1d3b2021-12-23 11:52:22.943root 11241100x80000000000000007212467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c592cf370e6f32eb2021-12-23 11:52:22.944root 11241100x80000000000000007212468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ce7824575081602021-12-23 11:52:22.944root 11241100x80000000000000007212469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae6317936b9ffe22021-12-23 11:52:22.944root 11241100x80000000000000007212470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db73219f04102f852021-12-23 11:52:22.944root 11241100x80000000000000007212471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc5f62f071053722021-12-23 11:52:22.944root 11241100x80000000000000007212472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a6f6673e146cbc2021-12-23 11:52:22.944root 11241100x80000000000000007212473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5508e7192c5e39772021-12-23 11:52:22.944root 11241100x80000000000000007212474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba762b7c3e513e1a2021-12-23 11:52:22.944root 11241100x80000000000000007212475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e2fae33596e63d2021-12-23 11:52:22.944root 11241100x80000000000000007212476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c87b97a0b875152021-12-23 11:52:22.944root 11241100x80000000000000007212477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d734a8bd4188f5362021-12-23 11:52:22.945root 354300x80000000000000007212478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.070{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33778-false10.0.1.12-8000- 11241100x80000000000000007212479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5cfa19435466582021-12-23 11:52:23.443root 11241100x80000000000000007212480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fe9cf43928315b2021-12-23 11:52:23.443root 11241100x80000000000000007212481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1806ed981d3ee12021-12-23 11:52:23.443root 11241100x80000000000000007212482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b1c6322653dd1d2021-12-23 11:52:23.444root 11241100x80000000000000007212483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f0bad72da462202021-12-23 11:52:23.444root 11241100x80000000000000007212484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212e99fc46331ac32021-12-23 11:52:23.444root 11241100x80000000000000007212485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96e4bdc9027aa0a2021-12-23 11:52:23.444root 11241100x80000000000000007212486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf424fb72ac7fdf82021-12-23 11:52:23.444root 11241100x80000000000000007212487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5660027ba84f6e382021-12-23 11:52:23.444root 11241100x80000000000000007212488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a94afe8c5b99392021-12-23 11:52:23.444root 11241100x80000000000000007212489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2b936cd93f79622021-12-23 11:52:23.444root 11241100x80000000000000007212490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3f614182574a032021-12-23 11:52:23.444root 11241100x80000000000000007212491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c12e892c4e91c72021-12-23 11:52:23.444root 11241100x80000000000000007212492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbfc45c2ee094132021-12-23 11:52:23.444root 11241100x80000000000000007212493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf16fe51e28873852021-12-23 11:52:23.444root 11241100x80000000000000007212494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f73d6f13ec1ecc02021-12-23 11:52:23.444root 11241100x80000000000000007212495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485b9d0b22ccacae2021-12-23 11:52:23.444root 11241100x80000000000000007212496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61b0a617751c9b72021-12-23 11:52:23.445root 11241100x80000000000000007212497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b87f707c33998ee2021-12-23 11:52:23.445root 11241100x80000000000000007212498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476d6ac0caa183dd2021-12-23 11:52:23.445root 11241100x80000000000000007212499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d559da08b6e8381e2021-12-23 11:52:23.445root 11241100x80000000000000007212500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d27e526ccb50792021-12-23 11:52:23.943root 11241100x80000000000000007212501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616d533aca7d5cbb2021-12-23 11:52:23.943root 11241100x80000000000000007212502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d030493b430c2f2021-12-23 11:52:23.943root 11241100x80000000000000007212503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc4e72ca1679d3d2021-12-23 11:52:23.943root 11241100x80000000000000007212504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734e76234f5afcc52021-12-23 11:52:23.943root 11241100x80000000000000007212505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f3304515a409d12021-12-23 11:52:23.944root 11241100x80000000000000007212506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466beb67fb9f80382021-12-23 11:52:23.944root 11241100x80000000000000007212507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2615933a831c379d2021-12-23 11:52:23.944root 11241100x80000000000000007212508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fb064627e7c2ac2021-12-23 11:52:23.944root 11241100x80000000000000007212509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888e58316cb7156a2021-12-23 11:52:23.944root 11241100x80000000000000007212510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e434cec7592a2b982021-12-23 11:52:23.944root 11241100x80000000000000007212511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4749a13a014dc9d42021-12-23 11:52:23.944root 11241100x80000000000000007212512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7684d76b92198d2021-12-23 11:52:23.944root 11241100x80000000000000007212513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed04a733f616603f2021-12-23 11:52:23.944root 11241100x80000000000000007212514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ee34a60524054c2021-12-23 11:52:23.944root 11241100x80000000000000007212515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5472bd71eacd94d92021-12-23 11:52:23.944root 11241100x80000000000000007212516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0505343de1fe512021-12-23 11:52:23.944root 11241100x80000000000000007212517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5932471442602f282021-12-23 11:52:23.944root 11241100x80000000000000007212518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951177ce72f9d0832021-12-23 11:52:23.945root 11241100x80000000000000007212519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c71dee73ff50212021-12-23 11:52:23.945root 11241100x80000000000000007212520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf1dda634dd1b932021-12-23 11:52:23.945root 11241100x80000000000000007212521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62245a4a9a1182e2021-12-23 11:52:24.443root 11241100x80000000000000007212522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa03d3ffcfe131702021-12-23 11:52:24.443root 11241100x80000000000000007212523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11136e01a9f6560f2021-12-23 11:52:24.443root 11241100x80000000000000007212524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20696fffe5de46f2021-12-23 11:52:24.443root 11241100x80000000000000007212525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7855d471b2cca2282021-12-23 11:52:24.443root 11241100x80000000000000007212526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2cb28d55d7f45c2021-12-23 11:52:24.443root 11241100x80000000000000007212527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1faca90e0bdf50082021-12-23 11:52:24.443root 11241100x80000000000000007212528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be82424f3a5aa6282021-12-23 11:52:24.443root 11241100x80000000000000007212529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e883f5eb3c916802021-12-23 11:52:24.444root 11241100x80000000000000007212530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8616811a54513202021-12-23 11:52:24.444root 11241100x80000000000000007212531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86cef20f1f191392021-12-23 11:52:24.444root 11241100x80000000000000007212532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05051dad3ad8dc552021-12-23 11:52:24.444root 11241100x80000000000000007212533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254e3fbe2f911bc82021-12-23 11:52:24.444root 11241100x80000000000000007212534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f46ae7018f325792021-12-23 11:52:24.444root 11241100x80000000000000007212535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2002a3869df4f8c72021-12-23 11:52:24.444root 11241100x80000000000000007212536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7e4be4ee3d6e742021-12-23 11:52:24.444root 11241100x80000000000000007212537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c799adc14329a52021-12-23 11:52:24.444root 11241100x80000000000000007212538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df6a780147374422021-12-23 11:52:24.444root 11241100x80000000000000007212539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1fa46812704e5e2021-12-23 11:52:24.444root 11241100x80000000000000007212540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd0c116f6b931952021-12-23 11:52:24.444root 11241100x80000000000000007212541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56d13a29e19c81b2021-12-23 11:52:24.444root 11241100x80000000000000007212542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e30583423486f32021-12-23 11:52:24.943root 11241100x80000000000000007212543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c493e9dee14b50b12021-12-23 11:52:24.943root 11241100x80000000000000007212544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e687ce5e5707c122021-12-23 11:52:24.943root 11241100x80000000000000007212545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172410b35ad7035e2021-12-23 11:52:24.943root 11241100x80000000000000007212546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e82392044278d062021-12-23 11:52:24.943root 11241100x80000000000000007212547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d402de835c2177fa2021-12-23 11:52:24.944root 11241100x80000000000000007212548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3b01d493575cdd2021-12-23 11:52:24.944root 11241100x80000000000000007212549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6733a94b64d5457a2021-12-23 11:52:24.944root 11241100x80000000000000007212550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafe8e33a33d99052021-12-23 11:52:24.944root 11241100x80000000000000007212551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ff0ce874ea196b2021-12-23 11:52:24.944root 11241100x80000000000000007212552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f865f654521a022021-12-23 11:52:24.944root 11241100x80000000000000007212553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffa543e2519e7312021-12-23 11:52:24.944root 11241100x80000000000000007212554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8bfc9251bb98292021-12-23 11:52:24.944root 11241100x80000000000000007212555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309ca1100631d8882021-12-23 11:52:24.944root 11241100x80000000000000007212556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84460cdf0af1092b2021-12-23 11:52:24.944root 11241100x80000000000000007212557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb7cd2fe2c8d3a22021-12-23 11:52:24.944root 11241100x80000000000000007212558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7162efc5b2aa41f2021-12-23 11:52:24.944root 11241100x80000000000000007212559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb39a979b16ca5e32021-12-23 11:52:24.944root 11241100x80000000000000007212560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9b8da97b02370e2021-12-23 11:52:24.944root 11241100x80000000000000007212561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc250eb09623f84a2021-12-23 11:52:24.944root 11241100x80000000000000007212562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575a95bb2b9f2d082021-12-23 11:52:24.945root 11241100x80000000000000007212563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20de8635385dbd4f2021-12-23 11:52:25.443root 11241100x80000000000000007212564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd58eb8154abaab72021-12-23 11:52:25.443root 11241100x80000000000000007212565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906b0d36ab2754182021-12-23 11:52:25.443root 11241100x80000000000000007212566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad88ffb8c8157e82021-12-23 11:52:25.443root 11241100x80000000000000007212567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91155a7f1f850db2021-12-23 11:52:25.443root 11241100x80000000000000007212568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78e153129e52a842021-12-23 11:52:25.443root 11241100x80000000000000007212569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9097d4195b571312021-12-23 11:52:25.443root 11241100x80000000000000007212570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a092af8bc9516f2021-12-23 11:52:25.443root 11241100x80000000000000007212571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488894189fdc87f62021-12-23 11:52:25.444root 11241100x80000000000000007212572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2067dbc1689cb83e2021-12-23 11:52:25.444root 11241100x80000000000000007212573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e92e5e28b7d0552021-12-23 11:52:25.444root 11241100x80000000000000007212574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bb6908cfd5c7d32021-12-23 11:52:25.444root 11241100x80000000000000007212575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0b25fd311edfe62021-12-23 11:52:25.444root 11241100x80000000000000007212576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2992751464ae7312021-12-23 11:52:25.444root 11241100x80000000000000007212577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8668f7f335953dc22021-12-23 11:52:25.444root 11241100x80000000000000007212578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7903226cdc9e6f5f2021-12-23 11:52:25.444root 11241100x80000000000000007212579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272f4a0e7b51810b2021-12-23 11:52:25.444root 11241100x80000000000000007212580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236b8debfe0031332021-12-23 11:52:25.444root 11241100x80000000000000007212581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12c423e72e200a12021-12-23 11:52:25.444root 11241100x80000000000000007212582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cb7cbd0b4bd7312021-12-23 11:52:25.444root 11241100x80000000000000007212583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d607a5a9e97690d92021-12-23 11:52:25.445root 11241100x80000000000000007212584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61298f435a9b5dda2021-12-23 11:52:25.943root 11241100x80000000000000007212585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a99f4bfd7958cf2021-12-23 11:52:25.943root 11241100x80000000000000007212586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c48e6009f219c52021-12-23 11:52:25.943root 11241100x80000000000000007212587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0952002bab54e92021-12-23 11:52:25.943root 11241100x80000000000000007212588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e59a28811f214982021-12-23 11:52:25.944root 11241100x80000000000000007212589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e03a2acc7231f22021-12-23 11:52:25.944root 11241100x80000000000000007212590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c5d1123e9209c12021-12-23 11:52:25.944root 11241100x80000000000000007212591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f45e5cc6d6e5e32021-12-23 11:52:25.944root 11241100x80000000000000007212592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cddf552a41596df2021-12-23 11:52:25.944root 11241100x80000000000000007212593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fe175430aa56af2021-12-23 11:52:25.944root 11241100x80000000000000007212594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a23d2531d060172021-12-23 11:52:25.944root 11241100x80000000000000007212595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9260c7026f7694f2021-12-23 11:52:25.944root 11241100x80000000000000007212596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf91dda0ca451f12021-12-23 11:52:25.944root 11241100x80000000000000007212597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63957e9cddd574b82021-12-23 11:52:25.945root 11241100x80000000000000007212598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7ebae3dab65b3b2021-12-23 11:52:25.945root 11241100x80000000000000007212599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaf0a42bcd66c442021-12-23 11:52:25.945root 11241100x80000000000000007212600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949cdb192a3bf4392021-12-23 11:52:25.945root 11241100x80000000000000007212601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe3a68d83f6c1d62021-12-23 11:52:25.945root 11241100x80000000000000007212602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10789a5c7467be6e2021-12-23 11:52:25.945root 11241100x80000000000000007212603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce28798bae868332021-12-23 11:52:25.946root 11241100x80000000000000007212604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596b2b3f7c05c2c82021-12-23 11:52:25.946root 11241100x80000000000000007212605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5042abb983a40a442021-12-23 11:52:26.443root 11241100x80000000000000007212606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f9db9ae69b3a5c2021-12-23 11:52:26.443root 11241100x80000000000000007212607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159dcc21d7cfe9c22021-12-23 11:52:26.443root 11241100x80000000000000007212608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0d1d87269b6f0c2021-12-23 11:52:26.443root 11241100x80000000000000007212609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0fa7add4e03aa42021-12-23 11:52:26.443root 11241100x80000000000000007212610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fbb4c209bade362021-12-23 11:52:26.443root 11241100x80000000000000007212611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa37c4a4d3a2de672021-12-23 11:52:26.444root 11241100x80000000000000007212612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6350e0d4a42a0e92021-12-23 11:52:26.444root 11241100x80000000000000007212613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e47b6b6cac3d822021-12-23 11:52:26.444root 11241100x80000000000000007212614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7341a4be7e7ca0d62021-12-23 11:52:26.444root 11241100x80000000000000007212615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6e83aafe306f582021-12-23 11:52:26.444root 11241100x80000000000000007212616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d06d512896c0562021-12-23 11:52:26.444root 11241100x80000000000000007212617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bbf106d93c4b7f2021-12-23 11:52:26.444root 11241100x80000000000000007212618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e51603c5c89b6f42021-12-23 11:52:26.444root 11241100x80000000000000007212619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583cf80ad4cb4d2a2021-12-23 11:52:26.445root 11241100x80000000000000007212620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89970a8d75742f332021-12-23 11:52:26.445root 11241100x80000000000000007212621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e178139626f0f52021-12-23 11:52:26.445root 11241100x80000000000000007212622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bcd7bea40332892021-12-23 11:52:26.445root 11241100x80000000000000007212623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9270a7ae5eb1f02021-12-23 11:52:26.445root 11241100x80000000000000007212624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1fee69163c1e9c2021-12-23 11:52:26.445root 11241100x80000000000000007212625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a1a633a42fcb242021-12-23 11:52:26.445root 11241100x80000000000000007212626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d2d7bb0427a6b52021-12-23 11:52:26.943root 11241100x80000000000000007212627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb784665848b5712021-12-23 11:52:26.943root 11241100x80000000000000007212628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f225492305f9c8fa2021-12-23 11:52:26.943root 11241100x80000000000000007212629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44097f07ef6fb7c22021-12-23 11:52:26.943root 11241100x80000000000000007212630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6303a2c38b820762021-12-23 11:52:26.943root 11241100x80000000000000007212631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed99d08c2eafa912021-12-23 11:52:26.944root 11241100x80000000000000007212632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b1f456767630fb2021-12-23 11:52:26.944root 11241100x80000000000000007212633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a9f6138330f3c82021-12-23 11:52:26.944root 11241100x80000000000000007212634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e043cf8338313d2021-12-23 11:52:26.944root 11241100x80000000000000007212635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfd827faf7852cb2021-12-23 11:52:26.944root 11241100x80000000000000007212636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f6628bb1c307842021-12-23 11:52:26.944root 11241100x80000000000000007212637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58222e3a65980712021-12-23 11:52:26.944root 11241100x80000000000000007212638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ac8ede5415d0df2021-12-23 11:52:26.944root 11241100x80000000000000007212639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e853b42e023c6052021-12-23 11:52:26.944root 11241100x80000000000000007212640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912d9008de1487b42021-12-23 11:52:26.944root 11241100x80000000000000007212641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c309cbc8c28926bd2021-12-23 11:52:26.945root 11241100x80000000000000007212642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cf01da4856f8b32021-12-23 11:52:26.945root 11241100x80000000000000007212643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908ab40aa827a7552021-12-23 11:52:26.945root 11241100x80000000000000007212644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da621e362754f4fc2021-12-23 11:52:26.945root 11241100x80000000000000007212645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36440e73e49d62ae2021-12-23 11:52:26.945root 11241100x80000000000000007212646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8bd0a3c165708f2021-12-23 11:52:26.945root 11241100x80000000000000007212647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03b041ca46167052021-12-23 11:52:26.945root 11241100x80000000000000007212648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29188845d88e7da72021-12-23 11:52:27.443root 11241100x80000000000000007212649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44fc763a520e42e2021-12-23 11:52:27.443root 11241100x80000000000000007212650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb029e232ef286e2021-12-23 11:52:27.443root 11241100x80000000000000007212651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f803e1bba4826b2021-12-23 11:52:27.443root 11241100x80000000000000007212652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed1ad6ce2c8341c2021-12-23 11:52:27.443root 11241100x80000000000000007212653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d04c816672593ed2021-12-23 11:52:27.443root 11241100x80000000000000007212654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f163629a109661552021-12-23 11:52:27.444root 11241100x80000000000000007212655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe4f2c6e41b73b92021-12-23 11:52:27.444root 11241100x80000000000000007212656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2aef39111e78ad2021-12-23 11:52:27.444root 11241100x80000000000000007212657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6572b715ccecad3e2021-12-23 11:52:27.444root 11241100x80000000000000007212658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3c653b6a11497f2021-12-23 11:52:27.444root 11241100x80000000000000007212659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0a3c06c66e530c2021-12-23 11:52:27.444root 11241100x80000000000000007212660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e2cde887119ec32021-12-23 11:52:27.444root 11241100x80000000000000007212661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e417e6d005b957f2021-12-23 11:52:27.444root 11241100x80000000000000007212662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f588fef1d6bd892e2021-12-23 11:52:27.444root 11241100x80000000000000007212663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c890993e1b37fddc2021-12-23 11:52:27.444root 11241100x80000000000000007212664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215a14a3e0daac122021-12-23 11:52:27.445root 11241100x80000000000000007212665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27330f80f92ed8132021-12-23 11:52:27.445root 11241100x80000000000000007212666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048e526154a5a47a2021-12-23 11:52:27.445root 11241100x80000000000000007212667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d638b9f4d1a7dce2021-12-23 11:52:27.445root 11241100x80000000000000007212668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c300977dcd7646782021-12-23 11:52:27.445root 11241100x80000000000000007212669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081dc45871ded6d92021-12-23 11:52:27.943root 11241100x80000000000000007212670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7259f3b6000cbe272021-12-23 11:52:27.943root 11241100x80000000000000007212671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e91e56e8ec340e72021-12-23 11:52:27.943root 11241100x80000000000000007212672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9626f2baad959bea2021-12-23 11:52:27.943root 11241100x80000000000000007212673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46c1bdb1bfa3d4e2021-12-23 11:52:27.943root 11241100x80000000000000007212674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf371dbdb4c10642021-12-23 11:52:27.944root 11241100x80000000000000007212675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c14d7564effe76d2021-12-23 11:52:27.944root 11241100x80000000000000007212676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d28bdb13f9a39c22021-12-23 11:52:27.944root 11241100x80000000000000007212677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe601d778420b1462021-12-23 11:52:27.944root 11241100x80000000000000007212678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a010d9b44714f32021-12-23 11:52:27.944root 11241100x80000000000000007212679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6240b3126d799ec2021-12-23 11:52:27.944root 11241100x80000000000000007212680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369f35e95efb777f2021-12-23 11:52:27.944root 11241100x80000000000000007212681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c6cce75321bb7c2021-12-23 11:52:27.944root 11241100x80000000000000007212682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a09bc2efd90385e2021-12-23 11:52:27.944root 11241100x80000000000000007212683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8269c2a63a5954a2021-12-23 11:52:27.944root 11241100x80000000000000007212684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e31bcfdbfee91262021-12-23 11:52:27.944root 11241100x80000000000000007212685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c44c77ce2934342021-12-23 11:52:27.944root 11241100x80000000000000007212686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca489b8de2e4448f2021-12-23 11:52:27.945root 11241100x80000000000000007212687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e39c25dc3c91af2021-12-23 11:52:27.945root 11241100x80000000000000007212688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fc15bff85092632021-12-23 11:52:27.945root 11241100x80000000000000007212689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e984c024388235e2021-12-23 11:52:27.945root 11241100x80000000000000007212690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb3a7d4bcb65c752021-12-23 11:52:27.945root 354300x80000000000000007212691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.074{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33780-false10.0.1.12-8000- 11241100x80000000000000007212692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775560877839d11f2021-12-23 11:52:28.443root 11241100x80000000000000007212693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d17f9d1640e6a52021-12-23 11:52:28.443root 11241100x80000000000000007212694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22522887c942742b2021-12-23 11:52:28.444root 11241100x80000000000000007212695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802db22952883c432021-12-23 11:52:28.444root 11241100x80000000000000007212696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30205993b8dfecc2021-12-23 11:52:28.444root 11241100x80000000000000007212697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54e662cbb9e162e2021-12-23 11:52:28.444root 11241100x80000000000000007212698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b19577fee94f502021-12-23 11:52:28.444root 11241100x80000000000000007212699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd150b406f02e9d92021-12-23 11:52:28.444root 11241100x80000000000000007212700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b70c4c183fb53c52021-12-23 11:52:28.445root 11241100x80000000000000007212701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9139e350fa6eabb2021-12-23 11:52:28.445root 11241100x80000000000000007212702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6625c8f6720b35212021-12-23 11:52:28.445root 11241100x80000000000000007212703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23985007a6436e482021-12-23 11:52:28.445root 11241100x80000000000000007212704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cefeb59a7cc7292021-12-23 11:52:28.445root 11241100x80000000000000007212705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae13aff7517f1b62021-12-23 11:52:28.445root 11241100x80000000000000007212706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f46ab4c0caaa542021-12-23 11:52:28.445root 11241100x80000000000000007212707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4481d0b664a95fd52021-12-23 11:52:28.445root 11241100x80000000000000007212708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ddfca3f5125f5c2021-12-23 11:52:28.445root 11241100x80000000000000007212709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65d9af2acc8bfc92021-12-23 11:52:28.445root 11241100x80000000000000007212710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275cbb2e033875672021-12-23 11:52:28.446root 11241100x80000000000000007212711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5b6d39558f9dc32021-12-23 11:52:28.446root 11241100x80000000000000007212712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b0789a4f5e06652021-12-23 11:52:28.446root 11241100x80000000000000007212713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa59b82f019e48e72021-12-23 11:52:28.446root 11241100x80000000000000007212714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98cdf956ab856e62021-12-23 11:52:28.943root 11241100x80000000000000007212715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26416607c2e044352021-12-23 11:52:28.943root 11241100x80000000000000007212716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b008adb0b2cfc6e2021-12-23 11:52:28.943root 11241100x80000000000000007212717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44661e8f3bae71092021-12-23 11:52:28.943root 11241100x80000000000000007212718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed0e2d62090dc292021-12-23 11:52:28.943root 11241100x80000000000000007212719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51670307958feade2021-12-23 11:52:28.943root 11241100x80000000000000007212720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d84ad0e837026392021-12-23 11:52:28.943root 11241100x80000000000000007212721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728bdc9355b8429d2021-12-23 11:52:28.943root 11241100x80000000000000007212722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551a34844695184c2021-12-23 11:52:28.944root 11241100x80000000000000007212723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c349c3beb7be86642021-12-23 11:52:28.944root 11241100x80000000000000007212724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8bea5502ab1bcd2021-12-23 11:52:28.944root 11241100x80000000000000007212725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d128d5dd7827272021-12-23 11:52:28.944root 11241100x80000000000000007212726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbaca9781b1e6cd2021-12-23 11:52:28.944root 11241100x80000000000000007212727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342aef7ff8c00c5f2021-12-23 11:52:28.944root 11241100x80000000000000007212728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1736546e8da5d6a32021-12-23 11:52:28.944root 11241100x80000000000000007212729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1330b37216e975ed2021-12-23 11:52:28.944root 11241100x80000000000000007212730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69212eab1b7489d2021-12-23 11:52:28.944root 11241100x80000000000000007212731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc7da798af35f062021-12-23 11:52:28.945root 11241100x80000000000000007212732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41639a38b7119c82021-12-23 11:52:28.945root 11241100x80000000000000007212733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ced434e641d4b072021-12-23 11:52:28.945root 11241100x80000000000000007212734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f9dccff8d15f8b2021-12-23 11:52:28.945root 11241100x80000000000000007212735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e90dd3845b34342021-12-23 11:52:28.945root 11241100x80000000000000007212736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532bec168c138c852021-12-23 11:52:29.443root 11241100x80000000000000007212737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67ca437dc3abc852021-12-23 11:52:29.443root 11241100x80000000000000007212738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cdfa1f7f2a98ad2021-12-23 11:52:29.443root 11241100x80000000000000007212739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27cc1ba3c4d372d2021-12-23 11:52:29.443root 11241100x80000000000000007212740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2406c8e7d82ae442021-12-23 11:52:29.443root 11241100x80000000000000007212741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb3a98d9b8148fd2021-12-23 11:52:29.444root 11241100x80000000000000007212742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f6f9d768a0a3c62021-12-23 11:52:29.444root 11241100x80000000000000007212743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb688890ef8eb27a2021-12-23 11:52:29.444root 11241100x80000000000000007212744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e38cff02f531a42021-12-23 11:52:29.444root 11241100x80000000000000007212745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c47917af672db72021-12-23 11:52:29.444root 11241100x80000000000000007212746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38b94b8431703d82021-12-23 11:52:29.444root 11241100x80000000000000007212747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14858218f7ca37f82021-12-23 11:52:29.444root 11241100x80000000000000007212748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d3492ead1645de2021-12-23 11:52:29.444root 11241100x80000000000000007212749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3474487beb93812021-12-23 11:52:29.445root 11241100x80000000000000007212750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cc483c000df0582021-12-23 11:52:29.445root 11241100x80000000000000007212751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4df7c76edb53c32021-12-23 11:52:29.445root 11241100x80000000000000007212752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d9b7cd256adca52021-12-23 11:52:29.445root 11241100x80000000000000007212753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5c582311b94d492021-12-23 11:52:29.446root 11241100x80000000000000007212754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a2dc2edbd3bd572021-12-23 11:52:29.446root 11241100x80000000000000007212755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b190dc2c7827842021-12-23 11:52:29.446root 11241100x80000000000000007212756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acfbcc5ac3ae2122021-12-23 11:52:29.446root 11241100x80000000000000007212757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25b69c6ccce3b702021-12-23 11:52:29.446root 11241100x80000000000000007212758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3aa97516c3e73912021-12-23 11:52:29.943root 11241100x80000000000000007212759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8edbcc112f67add2021-12-23 11:52:29.943root 11241100x80000000000000007212760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33220bc0ca3b15d2021-12-23 11:52:29.943root 11241100x80000000000000007212761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f8b1abf99940f32021-12-23 11:52:29.943root 11241100x80000000000000007212762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a14a0a347d8e42d2021-12-23 11:52:29.943root 11241100x80000000000000007212763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb1b04036d2a7e82021-12-23 11:52:29.943root 11241100x80000000000000007212764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04dc0347705967ca2021-12-23 11:52:29.943root 11241100x80000000000000007212765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33681f41784e2e812021-12-23 11:52:29.944root 11241100x80000000000000007212766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c886e4c4a53b8a2021-12-23 11:52:29.944root 11241100x80000000000000007212767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9d66213f44e65a2021-12-23 11:52:29.944root 11241100x80000000000000007212768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1d92ed94f634492021-12-23 11:52:29.944root 11241100x80000000000000007212769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a684715dc7ab1ca12021-12-23 11:52:29.944root 11241100x80000000000000007212770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38c61db0e57d89a2021-12-23 11:52:29.944root 11241100x80000000000000007212771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01e7c9d3ecb776d2021-12-23 11:52:29.944root 11241100x80000000000000007212772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5d191386e7be852021-12-23 11:52:29.944root 11241100x80000000000000007212773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd46775bbe2cd7b2021-12-23 11:52:29.944root 11241100x80000000000000007212774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271c02551589fa432021-12-23 11:52:29.944root 11241100x80000000000000007212775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed13352ac243f7532021-12-23 11:52:29.944root 11241100x80000000000000007212776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1efd4bf013f5ec92021-12-23 11:52:29.944root 11241100x80000000000000007212777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1f947f16ccb8812021-12-23 11:52:29.944root 11241100x80000000000000007212778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4fb6189a2f99392021-12-23 11:52:29.944root 11241100x80000000000000007212779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fd4669b5134fe52021-12-23 11:52:29.945root 11241100x80000000000000007212780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-23 11:52:30.142root 11241100x80000000000000007212781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ceec873150c9662021-12-23 11:52:30.443root 11241100x80000000000000007212782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec47ec5adb24c4ac2021-12-23 11:52:30.443root 11241100x80000000000000007212783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65ee4f714ccefe02021-12-23 11:52:30.443root 11241100x80000000000000007212784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18992608be234592021-12-23 11:52:30.443root 11241100x80000000000000007212785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa05a774e8fb47062021-12-23 11:52:30.443root 11241100x80000000000000007212786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c909a89cd7f3a3f2021-12-23 11:52:30.444root 11241100x80000000000000007212787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40edf4cc6bcd9fe2021-12-23 11:52:30.444root 11241100x80000000000000007212788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91f3a48cb2dcc3c2021-12-23 11:52:30.444root 11241100x80000000000000007212789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1798d99b573b31f72021-12-23 11:52:30.444root 11241100x80000000000000007212790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1e921f3f2fabfa2021-12-23 11:52:30.444root 11241100x80000000000000007212791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c53607167163132021-12-23 11:52:30.444root 11241100x80000000000000007212792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90d70b1726e196f2021-12-23 11:52:30.444root 11241100x80000000000000007212793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670ed8a836a213d82021-12-23 11:52:30.444root 11241100x80000000000000007212794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c54b14549e729e2021-12-23 11:52:30.444root 11241100x80000000000000007212795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e017bf88b702ccb2021-12-23 11:52:30.444root 11241100x80000000000000007212796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c7fa1a7d2d8a5e2021-12-23 11:52:30.445root 11241100x80000000000000007212797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b022b6ffba68d8922021-12-23 11:52:30.445root 11241100x80000000000000007212798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad6c6f593c8386b2021-12-23 11:52:30.445root 11241100x80000000000000007212799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a27a9d1510323592021-12-23 11:52:30.445root 11241100x80000000000000007212800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d31c178c5640b5c2021-12-23 11:52:30.445root 11241100x80000000000000007212801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f03c10839d57ceb2021-12-23 11:52:30.445root 11241100x80000000000000007212802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388bd0d4fbba263a2021-12-23 11:52:30.445root 11241100x80000000000000007212803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734db9ec7b043e882021-12-23 11:52:30.445root 11241100x80000000000000007212804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dcc765c6b53ed92021-12-23 11:52:30.943root 11241100x80000000000000007212805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1f351d0b7c49952021-12-23 11:52:30.943root 11241100x80000000000000007212806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbac646922acb9a2021-12-23 11:52:30.943root 11241100x80000000000000007212807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae362aafbc4a8af72021-12-23 11:52:30.943root 11241100x80000000000000007212808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4974d55ba18fd102021-12-23 11:52:30.944root 11241100x80000000000000007212809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23c7a4c5d47b9b72021-12-23 11:52:30.944root 11241100x80000000000000007212810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4cb7fe8462acca2021-12-23 11:52:30.944root 11241100x80000000000000007212811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513c3d67f791c1472021-12-23 11:52:30.944root 11241100x80000000000000007212812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f294371d44c41f242021-12-23 11:52:30.944root 11241100x80000000000000007212813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0658a067d71a54072021-12-23 11:52:30.944root 11241100x80000000000000007212814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5ed994f326c57b2021-12-23 11:52:30.944root 11241100x80000000000000007212815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d5595958e528182021-12-23 11:52:30.944root 11241100x80000000000000007212816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6ce6ca4350d01b2021-12-23 11:52:30.944root 11241100x80000000000000007212817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8985647f90ed7012021-12-23 11:52:30.944root 11241100x80000000000000007212818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e5a78cc45711792021-12-23 11:52:30.944root 11241100x80000000000000007212819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dccd8c3a77b6ade2021-12-23 11:52:30.944root 11241100x80000000000000007212820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e083afad813eab2021-12-23 11:52:30.944root 11241100x80000000000000007212821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4660ca705b52b22021-12-23 11:52:30.944root 11241100x80000000000000007212822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a51b4586a14cc222021-12-23 11:52:30.944root 11241100x80000000000000007212823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f579276742eb13372021-12-23 11:52:30.944root 11241100x80000000000000007212824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80efa9028b0c04232021-12-23 11:52:30.945root 11241100x80000000000000007212825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ed5f7eb71f85252021-12-23 11:52:30.945root 11241100x80000000000000007212826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe7c8cbdc07a2b52021-12-23 11:52:30.945root 534500x80000000000000007212827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.012{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 11241100x80000000000000007212828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5078a0b49946ff0a2021-12-23 11:52:31.443root 11241100x80000000000000007212829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758fe35155ad37e32021-12-23 11:52:31.443root 11241100x80000000000000007212830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65738e7fc46d5a62021-12-23 11:52:31.443root 11241100x80000000000000007212831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84ff62dc7221e762021-12-23 11:52:31.443root 11241100x80000000000000007212832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e32fc9189ba1f02021-12-23 11:52:31.443root 11241100x80000000000000007212833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962c6127a8aaeab02021-12-23 11:52:31.443root 11241100x80000000000000007212834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8779e602179ffbd32021-12-23 11:52:31.443root 11241100x80000000000000007212835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a635f9342cbba8042021-12-23 11:52:31.443root 11241100x80000000000000007212836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68a61f89764ea912021-12-23 11:52:31.444root 11241100x80000000000000007212837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773090f868034a322021-12-23 11:52:31.444root 11241100x80000000000000007212838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd20a630eea2d8c2021-12-23 11:52:31.444root 11241100x80000000000000007212839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23658b27a234846d2021-12-23 11:52:31.444root 11241100x80000000000000007212840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1b8320a74e59be2021-12-23 11:52:31.444root 11241100x80000000000000007212841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966fe2ee2ebb4c122021-12-23 11:52:31.444root 11241100x80000000000000007212842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20a82490b35501b2021-12-23 11:52:31.444root 11241100x80000000000000007212843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb935026eaf626c2021-12-23 11:52:31.444root 11241100x80000000000000007212844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d264911144560bb32021-12-23 11:52:31.444root 11241100x80000000000000007212845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6678f53c428389382021-12-23 11:52:31.444root 11241100x80000000000000007212846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb3fead442fbd0a2021-12-23 11:52:31.445root 11241100x80000000000000007212847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f933c7cc6384a782021-12-23 11:52:31.445root 11241100x80000000000000007212848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647e2412f15ae6b62021-12-23 11:52:31.445root 11241100x80000000000000007212849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10fd3fb7e8477922021-12-23 11:52:31.445root 11241100x80000000000000007212850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fe7da74d8a45d52021-12-23 11:52:31.445root 11241100x80000000000000007212851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2ebf4c5c2ad8f72021-12-23 11:52:31.445root 11241100x80000000000000007212852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0ed9de82dea1282021-12-23 11:52:31.445root 11241100x80000000000000007212853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beafb9e3a72340252021-12-23 11:52:31.943root 11241100x80000000000000007212854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2852027079027bfe2021-12-23 11:52:31.943root 11241100x80000000000000007212855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a77d870b15e23082021-12-23 11:52:31.943root 11241100x80000000000000007212856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcb371481960fe02021-12-23 11:52:31.943root 11241100x80000000000000007212857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7238e6bb7d58732021-12-23 11:52:31.943root 11241100x80000000000000007212858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d801525bd828e02021-12-23 11:52:31.943root 11241100x80000000000000007212859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465ce2d09cc2a9072021-12-23 11:52:31.943root 11241100x80000000000000007212860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa85457e4b6f20252021-12-23 11:52:31.943root 11241100x80000000000000007212861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b121af401203432021-12-23 11:52:31.943root 11241100x80000000000000007212862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11379b0d876c8692021-12-23 11:52:31.944root 11241100x80000000000000007212863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77aca0f9a06c7f12021-12-23 11:52:31.944root 11241100x80000000000000007212864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63aa992f7b9a309d2021-12-23 11:52:31.944root 11241100x80000000000000007212865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39a34c73ecfbaa12021-12-23 11:52:31.944root 11241100x80000000000000007212866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d635b145c1581f1f2021-12-23 11:52:31.944root 11241100x80000000000000007212867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed28f147b9243be2021-12-23 11:52:31.944root 11241100x80000000000000007212868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b58fd0d749bed42021-12-23 11:52:31.944root 11241100x80000000000000007212869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0831e6b315df58692021-12-23 11:52:31.944root 11241100x80000000000000007212870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da9829b9159c6102021-12-23 11:52:31.944root 11241100x80000000000000007212871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acbfb78047dc9bf2021-12-23 11:52:31.945root 11241100x80000000000000007212872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3d9aef0765ffd52021-12-23 11:52:31.945root 11241100x80000000000000007212873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336050ea832447122021-12-23 11:52:31.945root 11241100x80000000000000007212874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790107cafecbe1f72021-12-23 11:52:31.945root 11241100x80000000000000007212875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91743236c5a1d4d52021-12-23 11:52:31.945root 11241100x80000000000000007212876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d230acbc4d4c0e422021-12-23 11:52:31.945root 11241100x80000000000000007212877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1714a288e68bf73a2021-12-23 11:52:31.945root 154100x80000000000000007212878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.072{ec2b6afe-6300-61c4-6854-e65c53560000}5074/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x80000000000000007212879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.082{ec2b6afe-6300-61c4-6854-e65c53560000}5074/bin/psroot 11241100x80000000000000007212880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fc4e2f8afbfa9e2021-12-23 11:52:32.443root 11241100x80000000000000007212881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e84ea7b73852a42021-12-23 11:52:32.443root 11241100x80000000000000007212882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7f1cd8af1c82da2021-12-23 11:52:32.443root 11241100x80000000000000007212883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73e0f3f89fb6ab42021-12-23 11:52:32.443root 11241100x80000000000000007212884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec14df069b95dea52021-12-23 11:52:32.443root 11241100x80000000000000007212885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5778731fcfe351a02021-12-23 11:52:32.443root 11241100x80000000000000007212886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dc6c201d5cb4ef2021-12-23 11:52:32.443root 11241100x80000000000000007212887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19e603fe314ff4f2021-12-23 11:52:32.443root 11241100x80000000000000007212888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681fa3f49b2468672021-12-23 11:52:32.443root 11241100x80000000000000007212889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6850cdab96cc86062021-12-23 11:52:32.443root 11241100x80000000000000007212890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b111a2385f63f53c2021-12-23 11:52:32.444root 11241100x80000000000000007212891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26d4b36bd54193f2021-12-23 11:52:32.444root 11241100x80000000000000007212892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8f492c9c6360532021-12-23 11:52:32.444root 11241100x80000000000000007212893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70f38eca5dd10702021-12-23 11:52:32.444root 11241100x80000000000000007212894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79628e0906577872021-12-23 11:52:32.444root 11241100x80000000000000007212895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18eb654e32b08ecb2021-12-23 11:52:32.444root 11241100x80000000000000007212896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3b296fbc8ae2992021-12-23 11:52:32.444root 11241100x80000000000000007212897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897b5927e921a9f22021-12-23 11:52:32.444root 11241100x80000000000000007212898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd07b81afbe69f42021-12-23 11:52:32.444root 11241100x80000000000000007212899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8dfd021f2fca762021-12-23 11:52:32.445root 11241100x80000000000000007212900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c71f60f0b2baa162021-12-23 11:52:32.445root 11241100x80000000000000007212901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e1b6ce7be7e30a2021-12-23 11:52:32.445root 11241100x80000000000000007212902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c86c7cbb2dc7bfd2021-12-23 11:52:32.445root 11241100x80000000000000007212903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6707668ac914dd82021-12-23 11:52:32.445root 11241100x80000000000000007212904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c9c7d4593fbd2b2021-12-23 11:52:32.445root 11241100x80000000000000007212905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb2ab95148f22222021-12-23 11:52:32.445root 11241100x80000000000000007212906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a957fb6e5c5feb2021-12-23 11:52:32.445root 11241100x80000000000000007212907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2800602668f43b4d2021-12-23 11:52:32.446root 11241100x80000000000000007212908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428d966002323c262021-12-23 11:52:32.942root 11241100x80000000000000007212909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48c3fd7375b96fb2021-12-23 11:52:32.943root 11241100x80000000000000007212910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8079e1762e98f72021-12-23 11:52:32.943root 11241100x80000000000000007212911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758fb78e1a8484202021-12-23 11:52:32.943root 11241100x80000000000000007212912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47df97c4b82be3f62021-12-23 11:52:32.943root 11241100x80000000000000007212913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4f4b42f95a7d412021-12-23 11:52:32.943root 11241100x80000000000000007212914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6fd7e2eb9221e62021-12-23 11:52:32.943root 11241100x80000000000000007212915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a9a9dc02a147102021-12-23 11:52:32.943root 11241100x80000000000000007212916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c44db298a1bfe7a2021-12-23 11:52:32.943root 11241100x80000000000000007212917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59ffa939c6ec9112021-12-23 11:52:32.943root 11241100x80000000000000007212918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226c011bd82e7c542021-12-23 11:52:32.944root 11241100x80000000000000007212919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ce8dd3694acb6d2021-12-23 11:52:32.944root 11241100x80000000000000007212920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729869ddc6614f8f2021-12-23 11:52:32.944root 11241100x80000000000000007212921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f57191a17bc38b2021-12-23 11:52:32.944root 11241100x80000000000000007212922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735c5a346632bc092021-12-23 11:52:32.944root 11241100x80000000000000007212923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a2910e5c98439a2021-12-23 11:52:32.944root 11241100x80000000000000007212924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c200067b4368272021-12-23 11:52:32.944root 11241100x80000000000000007212925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7d6cc5f3ef10a02021-12-23 11:52:32.945root 11241100x80000000000000007212926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc3c35694fe945c2021-12-23 11:52:32.945root 11241100x80000000000000007212927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7a3f17427b97b62021-12-23 11:52:32.945root 11241100x80000000000000007212928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbab47f9b9f76b32021-12-23 11:52:32.945root 11241100x80000000000000007212929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219881d5d0a1a7032021-12-23 11:52:32.945root 11241100x80000000000000007212930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ef142c347cb8d32021-12-23 11:52:32.945root 11241100x80000000000000007212931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed47ccfa94de6f82021-12-23 11:52:32.945root 11241100x80000000000000007212932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264216635870b7d32021-12-23 11:52:32.945root 11241100x80000000000000007212933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8a68b03f3105292021-12-23 11:52:32.945root 11241100x80000000000000007212934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c928cc5469b66ad2021-12-23 11:52:32.946root 11241100x80000000000000007212935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad04f86f89c82f22021-12-23 11:52:32.946root 11241100x80000000000000007212936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33a86332cb8f8862021-12-23 11:52:32.946root 23542300x80000000000000007212937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000007212938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c7e380f1749fe22021-12-23 11:52:33.443root 11241100x80000000000000007212939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b6c067ade848592021-12-23 11:52:33.443root 11241100x80000000000000007212940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1029a0b1e9e4a92021-12-23 11:52:33.443root 11241100x80000000000000007212941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd6eb61448f26772021-12-23 11:52:33.443root 11241100x80000000000000007212942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a0f92b76e178d02021-12-23 11:52:33.444root 11241100x80000000000000007212943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab929d554ef6f0382021-12-23 11:52:33.444root 11241100x80000000000000007212944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893d2e4096764ea62021-12-23 11:52:33.444root 11241100x80000000000000007212945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcdf3db0eaca61a2021-12-23 11:52:33.444root 11241100x80000000000000007212946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0952489523f76f02021-12-23 11:52:33.444root 11241100x80000000000000007212947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6333bafe3a472bbf2021-12-23 11:52:33.444root 11241100x80000000000000007212948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f11b70cbfdf2cd2021-12-23 11:52:33.444root 11241100x80000000000000007212949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a99dbbcb8805502021-12-23 11:52:33.444root 11241100x80000000000000007212950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c3d4420e3e8ddd2021-12-23 11:52:33.444root 11241100x80000000000000007212951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104cbb6a7a70bcae2021-12-23 11:52:33.444root 11241100x80000000000000007212952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3504671b0c3c452021-12-23 11:52:33.444root 11241100x80000000000000007212953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2161d815e80d23242021-12-23 11:52:33.444root 11241100x80000000000000007212954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f52302e32ddda222021-12-23 11:52:33.444root 11241100x80000000000000007212955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd23c6f077b9fcb2021-12-23 11:52:33.444root 11241100x80000000000000007212956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d16d9d085be23502021-12-23 11:52:33.445root 11241100x80000000000000007212957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bab348c560b8232021-12-23 11:52:33.445root 11241100x80000000000000007212958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f860e4515f87db3d2021-12-23 11:52:33.445root 11241100x80000000000000007212959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc9e5578ac2c37a2021-12-23 11:52:33.445root 11241100x80000000000000007212960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d9b00c39bae5382021-12-23 11:52:33.445root 11241100x80000000000000007212961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908bc603cd8e57552021-12-23 11:52:33.445root 11241100x80000000000000007212962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056d4f93c102c7e42021-12-23 11:52:33.445root 11241100x80000000000000007212963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961086c42ab255692021-12-23 11:52:33.445root 11241100x80000000000000007212964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfabaa481a306ae2021-12-23 11:52:33.445root 11241100x80000000000000007212965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc38a654ce13fa652021-12-23 11:52:33.943root 11241100x80000000000000007212966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70367e3f33e8b0382021-12-23 11:52:33.943root 11241100x80000000000000007212967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e03ea21f829151b2021-12-23 11:52:33.943root 11241100x80000000000000007212968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f762e28d94ae99602021-12-23 11:52:33.943root 11241100x80000000000000007212969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3f67105e740a2c2021-12-23 11:52:33.943root 11241100x80000000000000007212970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a3f42f6693b60b2021-12-23 11:52:33.943root 11241100x80000000000000007212971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3659452335b13352021-12-23 11:52:33.943root 11241100x80000000000000007212972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31da10b5b9dc71b82021-12-23 11:52:33.943root 11241100x80000000000000007212973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5917783a27aa55282021-12-23 11:52:33.943root 11241100x80000000000000007212974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5410d7b1c03bb372021-12-23 11:52:33.943root 11241100x80000000000000007212975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4c12ae679abbb72021-12-23 11:52:33.944root 11241100x80000000000000007212976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0ed058873b3ac22021-12-23 11:52:33.944root 11241100x80000000000000007212977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e6490da691f6a42021-12-23 11:52:33.944root 11241100x80000000000000007212978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378ace8f940779432021-12-23 11:52:33.944root 11241100x80000000000000007212979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b45efbae6fa1eb72021-12-23 11:52:33.944root 11241100x80000000000000007212980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37000711631d865f2021-12-23 11:52:33.944root 11241100x80000000000000007212981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bc762e3fa6048e2021-12-23 11:52:33.944root 11241100x80000000000000007212982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e669385b1e4951a2021-12-23 11:52:33.944root 11241100x80000000000000007212983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9202b47305baf3c2021-12-23 11:52:33.944root 11241100x80000000000000007212984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef2352da2d01e702021-12-23 11:52:33.944root 11241100x80000000000000007212985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90658ce067caea312021-12-23 11:52:33.944root 11241100x80000000000000007212986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fef9d83ba88c9812021-12-23 11:52:33.944root 354300x80000000000000007213016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:42.000{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-49082-false10.0.1.12-8089- 11241100x80000000000000007213017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:42.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe81c73b98fb55582021-12-23 11:52:42.442root 11241100x80000000000000007213018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:42.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c52308b76290af2021-12-23 11:52:42.942root 11241100x80000000000000007213019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:43.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2c17ef68c23a3a2021-12-23 11:52:43.442root 11241100x80000000000000007213020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:43.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8962f338de9fe72021-12-23 11:52:43.942root 11241100x80000000000000007213021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:44.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dd92403b0bb8262021-12-23 11:52:44.442root 11241100x80000000000000007213022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:44.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b987e4e76ecd3882021-12-23 11:52:44.942root 354300x80000000000000007213023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:45.116{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33788-false10.0.1.12-8000- 11241100x80000000000000007213024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:45.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd31b7df151b64f2021-12-23 11:52:45.442root 11241100x80000000000000007213025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93da0cb648ed03362021-12-23 11:52:45.443root 11241100x80000000000000007213026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:45.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23b34e2078d5e592021-12-23 11:52:45.942root 11241100x80000000000000007213027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5830a4a2dc5e65472021-12-23 11:52:45.943root 11241100x80000000000000007213028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:46.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d5f7ed382774d12021-12-23 11:52:46.442root 11241100x80000000000000007213029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f6024b7db1e1fe2021-12-23 11:52:46.443root 11241100x80000000000000007213030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:46.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af13192bf1bb9e02021-12-23 11:52:46.942root 11241100x80000000000000007213031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50423f3b990dae372021-12-23 11:52:46.943root 11241100x80000000000000007213032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:47.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6b15d8a0f319782021-12-23 11:52:47.442root 11241100x80000000000000007213033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed1a22b69f207282021-12-23 11:52:47.443root 11241100x80000000000000007213034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:47.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea16677ecf12282d2021-12-23 11:52:47.942root 11241100x80000000000000007213035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa0cbe03f85b43e2021-12-23 11:52:47.943root 11241100x80000000000000007213036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:48.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1d74cf7a75727e2021-12-23 11:52:48.442root 11241100x80000000000000007213037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dd589b1a88a0532021-12-23 11:52:48.443root 11241100x80000000000000007213038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:48.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d3dce8f66f36dc2021-12-23 11:52:48.942root 11241100x80000000000000007213039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:48.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c048faa0de35e6342021-12-23 11:52:48.942root 11241100x80000000000000007213040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:49.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00430c0164dfc7682021-12-23 11:52:49.442root 11241100x80000000000000007213041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:49.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e3a94a5bd7b7fc2021-12-23 11:52:49.442root 11241100x80000000000000007213042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:49.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d12bb5f3906b482021-12-23 11:52:49.942root 11241100x80000000000000007213043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:49.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d50d423a3ebbe3f2021-12-23 11:52:49.942root 354300x80000000000000007213044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:50.210{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33790-false10.0.1.12-8000- 11241100x80000000000000007213045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:50.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1921724aec72932021-12-23 11:52:50.211root 11241100x80000000000000007213046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:50.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1ae66548695e132021-12-23 11:52:50.211root 11241100x80000000000000007213047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:50.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c365d7b3df8c511b2021-12-23 11:52:50.692root 11241100x80000000000000007213048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3f6ceb8462685f2021-12-23 11:52:50.693root 11241100x80000000000000007213049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9835bcc4428b5f2021-12-23 11:52:50.693root 11241100x80000000000000007213050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:51.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518aaebf18eeeed02021-12-23 11:52:51.192root 11241100x80000000000000007213051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61b81ddb92ea77c2021-12-23 11:52:51.193root 11241100x80000000000000007213052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47046127466f81292021-12-23 11:52:51.193root 11241100x80000000000000007213053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:51.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3758be3b5d0c2f2021-12-23 11:52:51.692root 11241100x80000000000000007213054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377a743aa1ca280a2021-12-23 11:52:51.693root 11241100x80000000000000007213055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b13543da6eef752021-12-23 11:52:51.693root 11241100x80000000000000007213056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:52.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa48ac6d6f401832021-12-23 11:52:52.192root 11241100x80000000000000007213057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fc86181ff725c32021-12-23 11:52:52.193root 11241100x80000000000000007213058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6912aa9be5f8a12021-12-23 11:52:52.193root 11241100x80000000000000007213059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:52.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac6dae816cd83e02021-12-23 11:52:52.692root 11241100x80000000000000007213060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beeb9d18c68129c92021-12-23 11:52:52.693root 11241100x80000000000000007213061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd89e16e755a17e02021-12-23 11:52:52.693root 11241100x80000000000000007213062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:53.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9b6171b7f27bd72021-12-23 11:52:53.192root 11241100x80000000000000007213063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4977d3298e3be1f2021-12-23 11:52:53.193root 11241100x80000000000000007213064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88404f6ce8f075a32021-12-23 11:52:53.193root 11241100x80000000000000007213065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:53.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af268f744f5867192021-12-23 11:52:53.692root 11241100x80000000000000007213066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b12acf79795e1d92021-12-23 11:52:53.693root 11241100x80000000000000007213067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212c10c210489dba2021-12-23 11:52:53.693root 11241100x80000000000000007213068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb9eb7554fd16d72021-12-23 11:52:54.193root 11241100x80000000000000007213069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0386f65a7896acb2021-12-23 11:52:54.193root 11241100x80000000000000007213070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14c3165aeec321c2021-12-23 11:52:54.193root 11241100x80000000000000007213071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:54.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c6ba7d65bc67ca2021-12-23 11:52:54.692root 11241100x80000000000000007213072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a79d914da1a3192021-12-23 11:52:54.693root 11241100x80000000000000007213073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f688df03ab893c22021-12-23 11:52:54.693root 11241100x80000000000000007213074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:55.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea05f40aef4bb672021-12-23 11:52:55.192root 11241100x80000000000000007213075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9caebe21727b1e02021-12-23 11:52:55.193root 11241100x80000000000000007213076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af443fd4a98e0fe22021-12-23 11:52:55.193root 11241100x80000000000000007213077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:55.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323fbb6a7b20e9d12021-12-23 11:52:55.692root 11241100x80000000000000007213078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cda58291a7fbb62021-12-23 11:52:55.693root 11241100x80000000000000007213079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959a4b715135e9b92021-12-23 11:52:55.693root 354300x80000000000000007213080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:56.095{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33792-false10.0.1.12-8000- 11241100x80000000000000007213081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:56.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dde0e33f43c7f692021-12-23 11:52:56.096root 11241100x80000000000000007213082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:56.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2837457b4b06072021-12-23 11:52:56.096root 11241100x80000000000000007213083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:56.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94b107b4253c2512021-12-23 11:52:56.096root 11241100x80000000000000007213084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:56.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab45decec3a25d882021-12-23 11:52:56.096root 11241100x80000000000000007213085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:56.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3877de28186e8d3c2021-12-23 11:52:56.442root 11241100x80000000000000007213086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dec92d94c6c0262021-12-23 11:52:56.443root 11241100x80000000000000007213087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c2c174deb30d0b2021-12-23 11:52:56.443root 11241100x80000000000000007213088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc986e8c36d29e82021-12-23 11:52:56.443root 11241100x80000000000000007213089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:56.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7461dba7b04598bb2021-12-23 11:52:56.942root 11241100x80000000000000007213090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3898083117df152021-12-23 11:52:56.943root 11241100x80000000000000007213091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c95feae022fc38a2021-12-23 11:52:56.943root 11241100x80000000000000007213092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d217d1abfcfcffc2021-12-23 11:52:56.943root 11241100x80000000000000007213093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:57.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc57aa2ab3f607a2021-12-23 11:52:57.442root 11241100x80000000000000007213094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d777d5249783ac232021-12-23 11:52:57.443root 11241100x80000000000000007213095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca17ffdd813cfa992021-12-23 11:52:57.443root 11241100x80000000000000007213096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44a3d515b71c70b2021-12-23 11:52:57.443root 11241100x80000000000000007213097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:57.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a3b75516346d042021-12-23 11:52:57.942root 11241100x80000000000000007213098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e266da7d3d553322021-12-23 11:52:57.943root 11241100x80000000000000007213099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf165acdf9e22322021-12-23 11:52:57.943root 11241100x80000000000000007213100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460ba8d458717d6a2021-12-23 11:52:57.943root 11241100x80000000000000007213101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:58.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdb5faa1ea5a9042021-12-23 11:52:58.442root 11241100x80000000000000007213102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7e5eada27b7d8c2021-12-23 11:52:58.443root 11241100x80000000000000007213103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3e010aec3b08502021-12-23 11:52:58.443root 11241100x80000000000000007213104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857fc8735cd7e7272021-12-23 11:52:58.443root 11241100x80000000000000007213105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:58.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03f151a782561bd2021-12-23 11:52:58.942root 11241100x80000000000000007213106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178e30ab2247e79c2021-12-23 11:52:58.943root 11241100x80000000000000007213107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40379205543e1a4c2021-12-23 11:52:58.943root 11241100x80000000000000007213108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1c690ca31e0a352021-12-23 11:52:58.943root 11241100x80000000000000007213109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e87c21992866bc2021-12-23 11:52:59.443root 11241100x80000000000000007213110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349d6df5333fbd792021-12-23 11:52:59.443root 11241100x80000000000000007213111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4e297b98a30ebc2021-12-23 11:52:59.443root 11241100x80000000000000007213112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bfefb3fb6cc8e62021-12-23 11:52:59.443root 11241100x80000000000000007213113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:59.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b5ce8862819fe22021-12-23 11:52:59.942root 11241100x80000000000000007213114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4609c051c10e362021-12-23 11:52:59.943root 11241100x80000000000000007213115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7f28b62deb3a1c2021-12-23 11:52:59.943root 11241100x80000000000000007213116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:52:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5676d5bbd827a1932021-12-23 11:52:59.943root 11241100x80000000000000007213117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:00.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-23 11:53:00.143root 11241100x80000000000000007213118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1347fd35e1c58c5f2021-12-23 11:53:00.443root 11241100x80000000000000007213119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c47e6739e427d302021-12-23 11:53:00.443root 11241100x80000000000000007213120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe355817ffa6cb492021-12-23 11:53:00.443root 11241100x80000000000000007213121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee4f05b343c563a2021-12-23 11:53:00.443root 11241100x80000000000000007213122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c852c3546474be2021-12-23 11:53:00.443root 11241100x80000000000000007213123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2fe300fdc9e9532021-12-23 11:53:00.943root 11241100x80000000000000007213124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6e1429f5d09b942021-12-23 11:53:00.943root 11241100x80000000000000007213125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8462cac66a72522021-12-23 11:53:00.943root 11241100x80000000000000007213126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae022dc74ac5bd12021-12-23 11:53:00.943root 11241100x80000000000000007213127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3c07e17d4b7eec2021-12-23 11:53:00.943root 354300x80000000000000007213128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:01.228{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33794-false10.0.1.12-8000- 11241100x80000000000000007213129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:01.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6d380b52ac600b2021-12-23 11:53:01.229root 11241100x80000000000000007213130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:01.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4259867c649f542021-12-23 11:53:01.229root 11241100x80000000000000007213131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:01.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6bff97549e144e2021-12-23 11:53:01.230root 11241100x80000000000000007213132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:01.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191ee0a174bf352b2021-12-23 11:53:01.230root 11241100x80000000000000007213133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:01.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bf5f84b4bee9a42021-12-23 11:53:01.230root 11241100x80000000000000007213134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:01.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6438f1b66d0bcd502021-12-23 11:53:01.230root 11241100x80000000000000007213135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447c12a9f29c501a2021-12-23 11:53:01.693root 11241100x80000000000000007213136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108249cf8dd35f4c2021-12-23 11:53:01.693root 11241100x80000000000000007213137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ea447d1e0dd2822021-12-23 11:53:01.693root 11241100x80000000000000007213138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29f51aa467a7be82021-12-23 11:53:01.693root 11241100x80000000000000007213139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62470f32da3a4dd2021-12-23 11:53:01.693root 11241100x80000000000000007213140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3e54aded92d64a2021-12-23 11:53:01.693root 11241100x80000000000000007213141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217358e43bdfe7ca2021-12-23 11:53:02.193root 11241100x80000000000000007213142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2c55639c6a37272021-12-23 11:53:02.193root 11241100x80000000000000007213143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4c65c0f08955d22021-12-23 11:53:02.193root 11241100x80000000000000007213144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba178b8e795e0df82021-12-23 11:53:02.193root 11241100x80000000000000007213145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e07323ccb207172021-12-23 11:53:02.193root 11241100x80000000000000007213146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ea7a039a5413302021-12-23 11:53:02.193root 11241100x80000000000000007213147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142c2687c583c3192021-12-23 11:53:02.693root 11241100x80000000000000007213148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e6aaa37f0e9d6f2021-12-23 11:53:02.693root 11241100x80000000000000007213149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c583b78e1d23552021-12-23 11:53:02.693root 11241100x80000000000000007213150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870d41f7b48327c12021-12-23 11:53:02.693root 11241100x80000000000000007213151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c109c602bc4b58a2021-12-23 11:53:02.693root 11241100x80000000000000007213152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87012b01568980222021-12-23 11:53:02.693root 11241100x80000000000000007213153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660a4c1ef2988c0d2021-12-23 11:53:03.193root 11241100x80000000000000007213154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76c21c1c55ebaeb2021-12-23 11:53:03.193root 11241100x80000000000000007213155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c04ea3e12e8cf882021-12-23 11:53:03.193root 11241100x80000000000000007213156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e46c6bcebdd2ad2021-12-23 11:53:03.193root 11241100x80000000000000007213157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2ad4cabd5bc7472021-12-23 11:53:03.193root 11241100x80000000000000007213158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed29f5ad41d1a4f32021-12-23 11:53:03.193root 11241100x80000000000000007213159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f4f847b939f0e82021-12-23 11:53:03.693root 11241100x80000000000000007213160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bfdc1cde95c48c2021-12-23 11:53:03.693root 11241100x80000000000000007213161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a5c496e9ad1f232021-12-23 11:53:03.693root 11241100x80000000000000007213162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9c6ea5610f213f2021-12-23 11:53:03.693root 11241100x80000000000000007213163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65186fe24a34b37d2021-12-23 11:53:03.693root 11241100x80000000000000007213164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178603c480a05e3d2021-12-23 11:53:03.693root 11241100x80000000000000007213165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7def83b644bf5f742021-12-23 11:53:04.193root 11241100x80000000000000007213166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d4f0dda94926a82021-12-23 11:53:04.193root 11241100x80000000000000007213167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20716044760b42052021-12-23 11:53:04.193root 11241100x80000000000000007213168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fd10d48aeff6232021-12-23 11:53:04.193root 11241100x80000000000000007213169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af14138fe6ba47252021-12-23 11:53:04.193root 11241100x80000000000000007213170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2716cb39e1aadddd2021-12-23 11:53:04.193root 11241100x80000000000000007213171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76912b11145ea0d2021-12-23 11:53:04.693root 11241100x80000000000000007213172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62e6ff7ac172c8b2021-12-23 11:53:04.693root 11241100x80000000000000007213173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce160079458f5f602021-12-23 11:53:04.693root 11241100x80000000000000007213174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a523849b89d8822021-12-23 11:53:04.693root 11241100x80000000000000007213175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c3dffabcd948212021-12-23 11:53:04.693root 11241100x80000000000000007213176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20fc4d5fcc4ead82021-12-23 11:53:04.693root 11241100x80000000000000007213177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c40b27bbf1d13b2021-12-23 11:53:05.193root 11241100x80000000000000007213178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720e33d3a0a903ee2021-12-23 11:53:05.193root 11241100x80000000000000007213179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759572d369c91fb02021-12-23 11:53:05.193root 11241100x80000000000000007213180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4010f49267926c652021-12-23 11:53:05.193root 11241100x80000000000000007213181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdb1e4f90b69f402021-12-23 11:53:05.193root 11241100x80000000000000007213182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552c90768537dcd42021-12-23 11:53:05.193root 11241100x80000000000000007213183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a01d39bf26c9092021-12-23 11:53:05.693root 11241100x80000000000000007213184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4544f261009fa72021-12-23 11:53:05.693root 11241100x80000000000000007213185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beae1c147fe94a5b2021-12-23 11:53:05.693root 11241100x80000000000000007213186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3093d18660a3db7d2021-12-23 11:53:05.693root 11241100x80000000000000007213187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbfa0496f1502402021-12-23 11:53:05.693root 11241100x80000000000000007213188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641059675e6eb1022021-12-23 11:53:05.693root 23542300x80000000000000007213189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.005{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000007213190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.006{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f79e70b00fc5cbe2021-12-23 11:53:06.006root 11241100x80000000000000007213191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c0fd98c8c37bd02021-12-23 11:53:06.007root 11241100x80000000000000007213192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11892115a2c260862021-12-23 11:53:06.007root 11241100x80000000000000007213193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4eddea19c41f4492021-12-23 11:53:06.007root 11241100x80000000000000007213194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5e9be0fb3a02b82021-12-23 11:53:06.007root 11241100x80000000000000007213195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d2eab89679af152021-12-23 11:53:06.007root 11241100x80000000000000007213196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d891bb2ad8c55bbe2021-12-23 11:53:06.007root 11241100x80000000000000007213197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28042d923e6dce902021-12-23 11:53:06.443root 11241100x80000000000000007213198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f1fd64f84ecbb62021-12-23 11:53:06.443root 11241100x80000000000000007213199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b32c127779f3812021-12-23 11:53:06.443root 11241100x80000000000000007213200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced0341785975a412021-12-23 11:53:06.443root 11241100x80000000000000007213201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c401711416d12b2021-12-23 11:53:06.443root 11241100x80000000000000007213202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080e08a68327cfa62021-12-23 11:53:06.443root 11241100x80000000000000007213203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211c2694366c941b2021-12-23 11:53:06.443root 11241100x80000000000000007213204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781b4e548b61849a2021-12-23 11:53:06.943root 11241100x80000000000000007213205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974e05ad465a0c192021-12-23 11:53:06.943root 11241100x80000000000000007213206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e281568fdcbc7ef2021-12-23 11:53:06.943root 11241100x80000000000000007213207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44760a2854bd8592021-12-23 11:53:06.943root 11241100x80000000000000007213208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f820143474cb63902021-12-23 11:53:06.943root 11241100x80000000000000007213209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf46c0ce6a81ab412021-12-23 11:53:06.943root 11241100x80000000000000007213210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b912158b8d04ab712021-12-23 11:53:06.943root 354300x80000000000000007213211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.155{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33796-false10.0.1.12-8000- 11241100x80000000000000007213212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c156579a5a40809a2021-12-23 11:53:07.443root 11241100x80000000000000007213213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c4d1a5ce458b362021-12-23 11:53:07.443root 11241100x80000000000000007213214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c637fd8eed65a622021-12-23 11:53:07.443root 11241100x80000000000000007213215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd01b139eac355d12021-12-23 11:53:07.443root 11241100x80000000000000007213216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84e834e844ace4c2021-12-23 11:53:07.443root 11241100x80000000000000007213217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e2d816405d60582021-12-23 11:53:07.443root 11241100x80000000000000007213218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989d768bba939a812021-12-23 11:53:07.443root 11241100x80000000000000007213219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966ce6368c05142d2021-12-23 11:53:07.444root 11241100x80000000000000007213220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275b0b4ca00409b62021-12-23 11:53:07.943root 11241100x80000000000000007213221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e85d364a20cd6b42021-12-23 11:53:07.943root 11241100x80000000000000007213222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29a21bb2d28f9c72021-12-23 11:53:07.943root 11241100x80000000000000007213223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd6a5d4284ed5bf2021-12-23 11:53:07.943root 11241100x80000000000000007213224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e565705197cc16932021-12-23 11:53:07.943root 11241100x80000000000000007213225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab36a4a74aa3c152021-12-23 11:53:07.943root 11241100x80000000000000007213226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d7f6a58b9d82662021-12-23 11:53:07.943root 11241100x80000000000000007213227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b70ae850e096d42021-12-23 11:53:07.943root 11241100x80000000000000007213228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3258de08fbb84c202021-12-23 11:53:08.443root 11241100x80000000000000007213229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f742d981c343562021-12-23 11:53:08.443root 11241100x80000000000000007213230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8c59a69ed130e22021-12-23 11:53:08.443root 11241100x80000000000000007213231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5148af7e5cd215392021-12-23 11:53:08.443root 11241100x80000000000000007213232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ffa29ec86537ef2021-12-23 11:53:08.443root 11241100x80000000000000007213233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561a48103c37e2712021-12-23 11:53:08.443root 11241100x80000000000000007213234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f991504b8eea64042021-12-23 11:53:08.443root 11241100x80000000000000007213235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861216e3716628522021-12-23 11:53:08.443root 11241100x80000000000000007213236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283d56687cbc2b572021-12-23 11:53:08.943root 11241100x80000000000000007213237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d4e3ac002cf70c2021-12-23 11:53:08.943root 11241100x80000000000000007213238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc98b510083db3692021-12-23 11:53:08.943root 11241100x80000000000000007213239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4896979019b913232021-12-23 11:53:08.943root 11241100x80000000000000007213240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02c521cf788d71b2021-12-23 11:53:08.943root 11241100x80000000000000007213241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bb841feee013692021-12-23 11:53:08.943root 11241100x80000000000000007213242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bb7ee2999161972021-12-23 11:53:08.943root 11241100x80000000000000007213243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b42a2377721b392021-12-23 11:53:08.943root 11241100x80000000000000007213244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5d6eacb8ea89de2021-12-23 11:53:09.443root 11241100x80000000000000007213245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f491d302aafeb12021-12-23 11:53:09.443root 11241100x80000000000000007213246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652ce28a7f4d03242021-12-23 11:53:09.443root 11241100x80000000000000007213247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59e5444fac1e4ef2021-12-23 11:53:09.443root 11241100x80000000000000007213248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a471f82f1670362021-12-23 11:53:09.443root 11241100x80000000000000007213249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c98e77ec9c8e6422021-12-23 11:53:09.443root 11241100x80000000000000007213250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e342b519c1030682021-12-23 11:53:09.443root 11241100x80000000000000007213251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adff90f05fed58f22021-12-23 11:53:09.443root 11241100x80000000000000007213252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d93a7bdc9dd92e2021-12-23 11:53:09.943root 11241100x80000000000000007213253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a879845e9f43ce62021-12-23 11:53:09.943root 11241100x80000000000000007213254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5f08e404247fd82021-12-23 11:53:09.943root 11241100x80000000000000007213255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ccc470b57ff7cb2021-12-23 11:53:09.943root 11241100x80000000000000007213256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d8eff6e2dff54a2021-12-23 11:53:09.943root 11241100x80000000000000007213257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4905845445dd122021-12-23 11:53:09.943root 11241100x80000000000000007213258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f78531a45413132021-12-23 11:53:09.943root 11241100x80000000000000007213259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82f3b2ea453aeeb2021-12-23 11:53:09.943root 11241100x80000000000000007213260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39f236ab31bf8f32021-12-23 11:53:10.443root 11241100x80000000000000007213261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7558edade38bf282021-12-23 11:53:10.443root 11241100x80000000000000007213262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8063fea313d2f72021-12-23 11:53:10.443root 11241100x80000000000000007213263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223dbd182c276cd32021-12-23 11:53:10.443root 11241100x80000000000000007213264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1542016137b976702021-12-23 11:53:10.443root 11241100x80000000000000007213265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2c82808e3e21ce2021-12-23 11:53:10.443root 11241100x80000000000000007213266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a127de722acd5ed72021-12-23 11:53:10.443root 11241100x80000000000000007213267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d962a93758823292021-12-23 11:53:10.443root 11241100x80000000000000007213268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:10.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989aa139938e63c32021-12-23 11:53:10.942root 11241100x80000000000000007213269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06457165856eb1db2021-12-23 11:53:10.943root 11241100x80000000000000007213270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fdc0be19f0dbf72021-12-23 11:53:10.943root 11241100x80000000000000007213271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e9e71e3424c9c82021-12-23 11:53:10.943root 11241100x80000000000000007213272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d88150a234019ac2021-12-23 11:53:10.943root 11241100x80000000000000007213273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a81d2755cb279a2021-12-23 11:53:10.943root 11241100x80000000000000007213274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b443b97313f3442021-12-23 11:53:10.943root 11241100x80000000000000007213275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1080c1a783c3d4d22021-12-23 11:53:10.943root 11241100x80000000000000007213276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26770cf227a80f302021-12-23 11:53:11.443root 11241100x80000000000000007213277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9e80a74df7b8782021-12-23 11:53:11.443root 11241100x80000000000000007213278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20271738290e33c32021-12-23 11:53:11.443root 11241100x80000000000000007213279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837c84d762c80d422021-12-23 11:53:11.443root 11241100x80000000000000007213280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16abb219e6b6d6652021-12-23 11:53:11.443root 11241100x80000000000000007213281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10601e86ed13c4fc2021-12-23 11:53:11.443root 11241100x80000000000000007213282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f6ad4800e25fa22021-12-23 11:53:11.443root 11241100x80000000000000007213283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccd25bee7dcc1c22021-12-23 11:53:11.443root 11241100x80000000000000007213284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:11.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea37e21f1b78b402021-12-23 11:53:11.942root 11241100x80000000000000007213285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c07afd097c745bf2021-12-23 11:53:11.943root 11241100x80000000000000007213286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38970b9db5c6ac352021-12-23 11:53:11.943root 11241100x80000000000000007213287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94e4f0276d6ae002021-12-23 11:53:11.943root 11241100x80000000000000007213288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ccfdeabcf6f7ed2021-12-23 11:53:11.943root 11241100x80000000000000007213289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d019fc7b4658eb2021-12-23 11:53:11.943root 11241100x80000000000000007213290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3beb5d0dc955d82021-12-23 11:53:11.943root 11241100x80000000000000007213291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852371ab99850d612021-12-23 11:53:11.943root 11241100x80000000000000007213292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87892db3af3fe4f62021-12-23 11:53:12.443root 11241100x80000000000000007213293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9ccf35c671a33b2021-12-23 11:53:12.443root 11241100x80000000000000007213294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cea73981e2900e72021-12-23 11:53:12.443root 11241100x80000000000000007213295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e04c9e2a0d43d6d2021-12-23 11:53:12.443root 11241100x80000000000000007213296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f96afc7ea47890e2021-12-23 11:53:12.443root 11241100x80000000000000007213297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b428b6ed5fc5bed32021-12-23 11:53:12.443root 11241100x80000000000000007213298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf0e26093fdd4c22021-12-23 11:53:12.443root 11241100x80000000000000007213299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d854672e05dd488a2021-12-23 11:53:12.443root 11241100x80000000000000007213300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93afc28aae91aca12021-12-23 11:53:12.943root 11241100x80000000000000007213301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3f8254468641192021-12-23 11:53:12.943root 11241100x80000000000000007213302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffddee22d4d365472021-12-23 11:53:12.943root 11241100x80000000000000007213303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6695dd54fb32082021-12-23 11:53:12.943root 11241100x80000000000000007213304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229a0d2f0ba3e5932021-12-23 11:53:12.943root 11241100x80000000000000007213305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f906899f4cbc712021-12-23 11:53:12.943root 11241100x80000000000000007213306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5e18533c01ab392021-12-23 11:53:12.943root 11241100x80000000000000007213307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8416d0f7f3a4be1c2021-12-23 11:53:12.943root 354300x80000000000000007213308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.128{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33798-false10.0.1.12-8000- 11241100x80000000000000007213309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b68915f8a523772021-12-23 11:53:13.443root 11241100x80000000000000007213310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bc9f7e10db68e12021-12-23 11:53:13.443root 11241100x80000000000000007213311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e20d6ddfcf7d4e2021-12-23 11:53:13.443root 11241100x80000000000000007213312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeaab933a5b1ae982021-12-23 11:53:13.443root 11241100x80000000000000007213313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf96bb5982467f62021-12-23 11:53:13.443root 11241100x80000000000000007213314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5758bce787eed9e72021-12-23 11:53:13.443root 11241100x80000000000000007213315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6c0765e73912392021-12-23 11:53:13.444root 11241100x80000000000000007213316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512892f6ff415de22021-12-23 11:53:13.444root 11241100x80000000000000007213317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c7f9177999318b2021-12-23 11:53:13.444root 11241100x80000000000000007213318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df4c7f6adc704442021-12-23 11:53:13.943root 11241100x80000000000000007213319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267581cb033101d32021-12-23 11:53:13.943root 11241100x80000000000000007213320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e003b88676036192021-12-23 11:53:13.943root 11241100x80000000000000007213321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d71421da4e235952021-12-23 11:53:13.943root 11241100x80000000000000007213322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8651dba59fadcbf12021-12-23 11:53:13.943root 11241100x80000000000000007213323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366d4aa209924e8f2021-12-23 11:53:13.943root 11241100x80000000000000007213324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1871b63af450b02021-12-23 11:53:13.943root 11241100x80000000000000007213325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfdb1df877b07a52021-12-23 11:53:13.943root 11241100x80000000000000007213326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48c6871bb04c24a2021-12-23 11:53:13.943root 11241100x80000000000000007213327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e2e512e17d785e2021-12-23 11:53:14.443root 11241100x80000000000000007213328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babc92630f9ca3262021-12-23 11:53:14.443root 11241100x80000000000000007213329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260af543388344bd2021-12-23 11:53:14.443root 11241100x80000000000000007213330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e21da88b1540fa82021-12-23 11:53:14.443root 11241100x80000000000000007213331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3400727ec030391c2021-12-23 11:53:14.443root 11241100x80000000000000007213332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a23ceaf265bbd22021-12-23 11:53:14.443root 11241100x80000000000000007213333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d46ffd06c2f44c2021-12-23 11:53:14.444root 11241100x80000000000000007213334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684fb655210e879b2021-12-23 11:53:14.444root 11241100x80000000000000007213335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf71e798b8f8e962021-12-23 11:53:14.444root 11241100x80000000000000007213336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924cb4b62593a4942021-12-23 11:53:14.943root 11241100x80000000000000007213337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f49edbcb5efdd72021-12-23 11:53:14.943root 11241100x80000000000000007213338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64a1d811a74c1072021-12-23 11:53:14.943root 11241100x80000000000000007213339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c205f21cda5f3ce12021-12-23 11:53:14.943root 11241100x80000000000000007213340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3062cd811cd6c55d2021-12-23 11:53:14.943root 11241100x80000000000000007213341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edd7120f922e55b2021-12-23 11:53:14.943root 11241100x80000000000000007213342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efe84d338d5222b2021-12-23 11:53:14.943root 11241100x80000000000000007213343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101a580e3f7d3a0a2021-12-23 11:53:14.943root 11241100x80000000000000007213344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcbaf1e598467bf2021-12-23 11:53:14.943root 11241100x80000000000000007213345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1537616de65f17052021-12-23 11:53:15.443root 11241100x80000000000000007213346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d953355f7b3dde2021-12-23 11:53:15.443root 11241100x80000000000000007213347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f04180b53969c72021-12-23 11:53:15.443root 11241100x80000000000000007213348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e664413c0871d9222021-12-23 11:53:15.443root 11241100x80000000000000007213349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e41aed5cb93b0c2021-12-23 11:53:15.443root 11241100x80000000000000007213350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2237d1bf192393d32021-12-23 11:53:15.443root 11241100x80000000000000007213351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4fbef192535f882021-12-23 11:53:15.443root 11241100x80000000000000007213352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc65c211087b8112021-12-23 11:53:15.444root 11241100x80000000000000007213353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024760865885375f2021-12-23 11:53:15.444root 11241100x80000000000000007213354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989c1cf7cdd8c0a92021-12-23 11:53:15.943root 11241100x80000000000000007213355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ade84bf2bb24602021-12-23 11:53:15.943root 11241100x80000000000000007213356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8f4d33b16b3a692021-12-23 11:53:15.943root 11241100x80000000000000007213357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfb4d508bd1220f2021-12-23 11:53:15.943root 11241100x80000000000000007213358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616e9ba31e9dfd952021-12-23 11:53:15.943root 11241100x80000000000000007213359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107b279a2ef724c42021-12-23 11:53:15.943root 11241100x80000000000000007213360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e50ab28f54359e92021-12-23 11:53:15.944root 11241100x80000000000000007213361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca70e21558129152021-12-23 11:53:15.944root 11241100x80000000000000007213362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053da34dcdb7843e2021-12-23 11:53:15.944root 11241100x80000000000000007213363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfb96f103880d772021-12-23 11:53:16.443root 11241100x80000000000000007213364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5ed467179531f32021-12-23 11:53:16.443root 11241100x80000000000000007213365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c555ef23688a0b12021-12-23 11:53:16.443root 11241100x80000000000000007213366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862e62dc13b1b1152021-12-23 11:53:16.443root 11241100x80000000000000007213367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c57f8a708b94d0a2021-12-23 11:53:16.443root 11241100x80000000000000007213368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb06a370775488b32021-12-23 11:53:16.443root 11241100x80000000000000007213369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abde79eddb722c632021-12-23 11:53:16.443root 11241100x80000000000000007213370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c91df3ea2ce0c872021-12-23 11:53:16.444root 11241100x80000000000000007213371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d26db0a9dba92252021-12-23 11:53:16.444root 11241100x80000000000000007213372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86339e37f8a67cba2021-12-23 11:53:16.943root 11241100x80000000000000007213373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f845626b0801522021-12-23 11:53:16.943root 11241100x80000000000000007213374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72be2d2bdd8901472021-12-23 11:53:16.943root 11241100x80000000000000007213375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91e279741236a562021-12-23 11:53:16.943root 11241100x80000000000000007213376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03452ae16bbb91312021-12-23 11:53:16.943root 11241100x80000000000000007213377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c3017f832cb7b12021-12-23 11:53:16.943root 11241100x80000000000000007213378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31f81392e4fbf0e2021-12-23 11:53:16.943root 11241100x80000000000000007213379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a78cd98d34add02021-12-23 11:53:16.944root 11241100x80000000000000007213380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf74097f1d380102021-12-23 11:53:16.944root 11241100x80000000000000007213381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39680e4b77410f6e2021-12-23 11:53:17.443root 11241100x80000000000000007213382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295f9607cb404e982021-12-23 11:53:17.443root 11241100x80000000000000007213383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195f471498b34cc82021-12-23 11:53:17.443root 11241100x80000000000000007213384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db298428ef81188c2021-12-23 11:53:17.443root 11241100x80000000000000007213385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c88d463fbeba5c12021-12-23 11:53:17.443root 11241100x80000000000000007213386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73071347346b87b2021-12-23 11:53:17.443root 11241100x80000000000000007213387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e1e9983b86f78b2021-12-23 11:53:17.444root 11241100x80000000000000007213388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e911cb6b0420707b2021-12-23 11:53:17.444root 11241100x80000000000000007213389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cbcabbe4a64ac82021-12-23 11:53:17.444root 11241100x80000000000000007213390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d275fa0bbe7df02021-12-23 11:53:17.943root 11241100x80000000000000007213391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd8c7977be2a0142021-12-23 11:53:17.943root 11241100x80000000000000007213392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0adebce3e039522021-12-23 11:53:17.943root 11241100x80000000000000007213393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c043149e72361c72021-12-23 11:53:17.943root 11241100x80000000000000007213394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029010a4611d7c5a2021-12-23 11:53:17.943root 11241100x80000000000000007213395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e12b1f186834822021-12-23 11:53:17.943root 11241100x80000000000000007213396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387e6693cb39d3442021-12-23 11:53:17.943root 11241100x80000000000000007213397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7514d1b06ea5ed2021-12-23 11:53:17.943root 11241100x80000000000000007213398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614e6e18b2b6f0032021-12-23 11:53:17.943root 354300x80000000000000007213399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.170{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33800-false10.0.1.12-8000- 11241100x80000000000000007213400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ad952bbed9ab472021-12-23 11:53:18.443root 11241100x80000000000000007213401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4d0ff6fb678dc32021-12-23 11:53:18.443root 11241100x80000000000000007213402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8250fd375bc3cfc2021-12-23 11:53:18.443root 11241100x80000000000000007213403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b3893acaf569342021-12-23 11:53:18.443root 11241100x80000000000000007213404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba11ed8c04fb50d2021-12-23 11:53:18.443root 11241100x80000000000000007213405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b1325c13367a2c2021-12-23 11:53:18.443root 11241100x80000000000000007213406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a541f17239423fc32021-12-23 11:53:18.443root 11241100x80000000000000007213407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cb207631b121392021-12-23 11:53:18.444root 11241100x80000000000000007213408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c119caf36b0d0822021-12-23 11:53:18.444root 11241100x80000000000000007213409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148375a0a0ce04332021-12-23 11:53:18.444root 11241100x80000000000000007213410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d059002fdfcf922021-12-23 11:53:18.943root 11241100x80000000000000007213411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bc755332aec46f2021-12-23 11:53:18.943root 11241100x80000000000000007213412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62370a3fa84664482021-12-23 11:53:18.943root 11241100x80000000000000007213413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b20fcbc01808cd2021-12-23 11:53:18.943root 11241100x80000000000000007213414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff8b6fd9f1a5a7b2021-12-23 11:53:18.943root 11241100x80000000000000007213415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c659466cea8abcc82021-12-23 11:53:18.943root 11241100x80000000000000007213416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57daa463a047dda2021-12-23 11:53:18.943root 11241100x80000000000000007213417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f652624574d7d392021-12-23 11:53:18.943root 11241100x80000000000000007213418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93734c0a6699d71e2021-12-23 11:53:18.943root 11241100x80000000000000007213419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae269be249fdfb522021-12-23 11:53:18.943root 11241100x80000000000000007213420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63681ad054978c72021-12-23 11:53:19.443root 11241100x80000000000000007213421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53124b2a88afc7362021-12-23 11:53:19.443root 11241100x80000000000000007213422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b34f6928b7f587a2021-12-23 11:53:19.443root 11241100x80000000000000007213423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cef7820142267d2021-12-23 11:53:19.443root 11241100x80000000000000007213424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f720c13d9d4d35252021-12-23 11:53:19.443root 11241100x80000000000000007213425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9618f174ecc5efb2021-12-23 11:53:19.443root 11241100x80000000000000007213426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c65bab14f6ac9e2021-12-23 11:53:19.443root 11241100x80000000000000007213427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec0c669bfaa0d1d2021-12-23 11:53:19.443root 11241100x80000000000000007213428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc055f7dea3f05ac2021-12-23 11:53:19.443root 11241100x80000000000000007213429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d7a93a20f64cdc2021-12-23 11:53:19.443root 11241100x80000000000000007213430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d43b55cf96474c32021-12-23 11:53:19.942root 11241100x80000000000000007213431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557695c7cb43688b2021-12-23 11:53:19.943root 11241100x80000000000000007213432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c5a9a297a904b72021-12-23 11:53:19.943root 11241100x80000000000000007213433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a15180b76caa152021-12-23 11:53:19.943root 11241100x80000000000000007213434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c08c6acc5e45ff62021-12-23 11:53:19.943root 11241100x80000000000000007213435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50e6e1c772e2da62021-12-23 11:53:19.943root 11241100x80000000000000007213436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c4dcec3b4a0ec72021-12-23 11:53:19.943root 11241100x80000000000000007213437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83820802588a930f2021-12-23 11:53:19.943root 11241100x80000000000000007213438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0653f44ff24ce1512021-12-23 11:53:19.943root 11241100x80000000000000007213439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2a97386f1ac4ad2021-12-23 11:53:19.943root 11241100x80000000000000007213440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910214a76100d5952021-12-23 11:53:20.443root 11241100x80000000000000007213441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1c262bddd4f7422021-12-23 11:53:20.443root 11241100x80000000000000007213442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77227164124472662021-12-23 11:53:20.443root 11241100x80000000000000007213443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e959bc5335d16bfc2021-12-23 11:53:20.443root 11241100x80000000000000007213444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747ba15e18a1cfab2021-12-23 11:53:20.443root 11241100x80000000000000007213445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911317535f5d0d102021-12-23 11:53:20.443root 11241100x80000000000000007213446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0ff68486319d752021-12-23 11:53:20.443root 11241100x80000000000000007213447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14006ff12dff7e702021-12-23 11:53:20.443root 11241100x80000000000000007213448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0e33b69a3067292021-12-23 11:53:20.443root 11241100x80000000000000007213449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2499cf3ba89fdd92021-12-23 11:53:20.443root 11241100x80000000000000007213450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a370aae2a06daf52021-12-23 11:53:20.943root 11241100x80000000000000007213451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729cdbf1b65452c82021-12-23 11:53:20.943root 11241100x80000000000000007213452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b286c7aa768019aa2021-12-23 11:53:20.943root 11241100x80000000000000007213453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be99d4e482df82192021-12-23 11:53:20.943root 11241100x80000000000000007213454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1b1a200323c04f2021-12-23 11:53:20.943root 11241100x80000000000000007213455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cd8ff4aac20d2b2021-12-23 11:53:20.943root 11241100x80000000000000007213456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa6877539549e602021-12-23 11:53:20.943root 11241100x80000000000000007213457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d463255d92ade5402021-12-23 11:53:20.943root 11241100x80000000000000007213458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c95e69d0db1d7b2021-12-23 11:53:20.943root 11241100x80000000000000007213459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386fdb2759afa3532021-12-23 11:53:20.943root 11241100x80000000000000007213460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c557c4870decebef2021-12-23 11:53:21.443root 11241100x80000000000000007213461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa4e57d29be99962021-12-23 11:53:21.443root 11241100x80000000000000007213462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70180d82fbbb89e62021-12-23 11:53:21.443root 11241100x80000000000000007213463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10de93e7076850642021-12-23 11:53:21.443root 11241100x80000000000000007213464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40229f6d9d1166662021-12-23 11:53:21.443root 11241100x80000000000000007213465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36163d4bad2bde442021-12-23 11:53:21.443root 11241100x80000000000000007213466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13e64d5a11c550b2021-12-23 11:53:21.443root 11241100x80000000000000007213467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88611f62532c1f472021-12-23 11:53:21.443root 11241100x80000000000000007213468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323a2489cbf2ace32021-12-23 11:53:21.443root 11241100x80000000000000007213469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72eb0ca53774ec8d2021-12-23 11:53:21.443root 11241100x80000000000000007213470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f13207066fe4032021-12-23 11:53:21.943root 11241100x80000000000000007213471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28708ef2d8ecfde12021-12-23 11:53:21.943root 11241100x80000000000000007213472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec000f5b8d411482021-12-23 11:53:21.943root 11241100x80000000000000007213473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9517e05799c15b2021-12-23 11:53:21.943root 11241100x80000000000000007213474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367a5cac75e21a942021-12-23 11:53:21.943root 11241100x80000000000000007213475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93971a1814ff761a2021-12-23 11:53:21.943root 11241100x80000000000000007213476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2649ad2f300ffa12021-12-23 11:53:21.943root 11241100x80000000000000007213477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8cea5f95e395a62021-12-23 11:53:21.943root 11241100x80000000000000007213478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d076380d3862b3b2021-12-23 11:53:21.943root 11241100x80000000000000007213479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1eca9d93845ea102021-12-23 11:53:21.943root 11241100x80000000000000007213480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e59a82e7104e922021-12-23 11:53:22.443root 11241100x80000000000000007213481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e8fbb236545ffb2021-12-23 11:53:22.443root 11241100x80000000000000007213482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498d0458d5aa8c052021-12-23 11:53:22.443root 11241100x80000000000000007213483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fa7bada415502b2021-12-23 11:53:22.443root 11241100x80000000000000007213484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c23ad6c953ba54e2021-12-23 11:53:22.443root 11241100x80000000000000007213485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a58d7a6c205a9f22021-12-23 11:53:22.443root 11241100x80000000000000007213486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b39b83169525712021-12-23 11:53:22.443root 11241100x80000000000000007213487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26959e8b35f0b32a2021-12-23 11:53:22.443root 11241100x80000000000000007213488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5053b9ede63f802021-12-23 11:53:22.443root 11241100x80000000000000007213489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca63eff3f2ee42a92021-12-23 11:53:22.443root 11241100x80000000000000007213490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33ce20bb90409122021-12-23 11:53:22.943root 11241100x80000000000000007213491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa949bb0bece364e2021-12-23 11:53:22.943root 11241100x80000000000000007213492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7db2bcecbd66612021-12-23 11:53:22.943root 11241100x80000000000000007213493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cedb0a4220849e02021-12-23 11:53:22.943root 11241100x80000000000000007213494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d5e207ce1824392021-12-23 11:53:22.943root 11241100x80000000000000007213495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4ea372dc3a786f2021-12-23 11:53:22.943root 11241100x80000000000000007213496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820bb101258ffa452021-12-23 11:53:22.943root 11241100x80000000000000007213497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fd68506de4317a2021-12-23 11:53:22.943root 11241100x80000000000000007213498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3c8c97eeae15412021-12-23 11:53:22.943root 11241100x80000000000000007213499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc6d5471d36e3e62021-12-23 11:53:22.943root 354300x80000000000000007213500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.220{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33802-false10.0.1.12-8000- 11241100x80000000000000007213501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3eae868b27be57a2021-12-23 11:53:23.221root 11241100x80000000000000007213502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540c5693405afd612021-12-23 11:53:23.221root 11241100x80000000000000007213503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba22eaa988dbe1cf2021-12-23 11:53:23.221root 11241100x80000000000000007213504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e541926f9b0471e82021-12-23 11:53:23.221root 11241100x80000000000000007213505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ea1c7273f4caa72021-12-23 11:53:23.221root 11241100x80000000000000007213506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18986f10ace83d182021-12-23 11:53:23.221root 11241100x80000000000000007213507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c4bb7e75e5f0ff2021-12-23 11:53:23.221root 11241100x80000000000000007213508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927eebc263741b592021-12-23 11:53:23.222root 11241100x80000000000000007213509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68417cf2f7a0fbd12021-12-23 11:53:23.222root 11241100x80000000000000007213510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53891e49a09555b2021-12-23 11:53:23.222root 11241100x80000000000000007213511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be37c89ee2177152021-12-23 11:53:23.223root 11241100x80000000000000007213512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2717e746c53484722021-12-23 11:53:23.223root 11241100x80000000000000007213513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c7718ad05a57be2021-12-23 11:53:23.223root 11241100x80000000000000007213514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ac25f4a65299482021-12-23 11:53:23.693root 11241100x80000000000000007213515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ff2779597ff0682021-12-23 11:53:23.693root 11241100x80000000000000007213516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d06496b3ffc8752021-12-23 11:53:23.693root 11241100x80000000000000007213517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcc93b3c3670db42021-12-23 11:53:23.693root 11241100x80000000000000007213518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522c23f8eed9bd872021-12-23 11:53:23.693root 11241100x80000000000000007213519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308b97f088c813a82021-12-23 11:53:23.693root 11241100x80000000000000007213520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724a5300f9b0e15c2021-12-23 11:53:23.693root 11241100x80000000000000007213521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeab3aa28844dd8a2021-12-23 11:53:23.693root 11241100x80000000000000007213522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a9ef7648e6bf452021-12-23 11:53:23.693root 11241100x80000000000000007213523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b7f991ff577cb92021-12-23 11:53:23.694root 11241100x80000000000000007213524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8e61b16931a85e2021-12-23 11:53:23.694root 11241100x80000000000000007213525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcaf280e6a682d02021-12-23 11:53:24.193root 11241100x80000000000000007213526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41442edaf593f1a02021-12-23 11:53:24.193root 11241100x80000000000000007213527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8860db855ab0882021-12-23 11:53:24.193root 11241100x80000000000000007213528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e173c63c610de5a82021-12-23 11:53:24.193root 11241100x80000000000000007213529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63e54091c9ca00c2021-12-23 11:53:24.193root 11241100x80000000000000007213530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b681b2a2570e32ed2021-12-23 11:53:24.193root 11241100x80000000000000007213531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c156fbaea3e751e2021-12-23 11:53:24.193root 11241100x80000000000000007213532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dc49bed11f9d2e2021-12-23 11:53:24.193root 11241100x80000000000000007213533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651f6a23e0928a3b2021-12-23 11:53:24.193root 11241100x80000000000000007213534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0123b72c62395b2021-12-23 11:53:24.194root 11241100x80000000000000007213535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f43a4fe79697d02021-12-23 11:53:24.194root 11241100x80000000000000007213536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753c135344c3f6452021-12-23 11:53:24.693root 11241100x80000000000000007213537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68983a6ab40fd8e2021-12-23 11:53:24.693root 11241100x80000000000000007213538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a324d85308a6bfba2021-12-23 11:53:24.693root 11241100x80000000000000007213539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564025343e35479a2021-12-23 11:53:24.693root 11241100x80000000000000007213540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6efe517ce5b9f02021-12-23 11:53:24.693root 11241100x80000000000000007213541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ed53434e006bcf2021-12-23 11:53:24.693root 11241100x80000000000000007213542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1797fe931c48adc2021-12-23 11:53:24.693root 11241100x80000000000000007213543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4585f8d27e76b002021-12-23 11:53:24.693root 11241100x80000000000000007213544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f62812cd31e57f2021-12-23 11:53:24.693root 11241100x80000000000000007213545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93eb4e60958a7972021-12-23 11:53:24.694root 11241100x80000000000000007213546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7dedfcb75270ed92021-12-23 11:53:24.694root 11241100x80000000000000007213547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63c66dbf917cb352021-12-23 11:53:25.192root 11241100x80000000000000007213548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31895e60c85787a52021-12-23 11:53:25.193root 11241100x80000000000000007213549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9eb9df70236c4882021-12-23 11:53:25.193root 11241100x80000000000000007213550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e036b1f1be8503b2021-12-23 11:53:25.193root 11241100x80000000000000007213551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cae87828f11485e2021-12-23 11:53:25.193root 11241100x80000000000000007213552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf5de3deb42682d2021-12-23 11:53:25.193root 11241100x80000000000000007213553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22531007e3c07592021-12-23 11:53:25.193root 11241100x80000000000000007213554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a7d5fb924f43922021-12-23 11:53:25.194root 11241100x80000000000000007213555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f2c04864f658852021-12-23 11:53:25.194root 11241100x80000000000000007213556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b19a3efa15b46bc2021-12-23 11:53:25.194root 11241100x80000000000000007213557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3018b684b666098d2021-12-23 11:53:25.194root 11241100x80000000000000007213558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9da39b6fad853a32021-12-23 11:53:25.693root 11241100x80000000000000007213559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a74be7dd36da6e2021-12-23 11:53:25.693root 11241100x80000000000000007213560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82be758dbccccbaa2021-12-23 11:53:25.693root 11241100x80000000000000007213561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4ced6de71a34922021-12-23 11:53:25.693root 11241100x80000000000000007213562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2392b6e6914b9972021-12-23 11:53:25.693root 11241100x80000000000000007213563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe629161436151b2021-12-23 11:53:25.693root 11241100x80000000000000007213564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8453541f906fbd0d2021-12-23 11:53:25.693root 11241100x80000000000000007213565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05051443d14a35d2021-12-23 11:53:25.693root 11241100x80000000000000007213566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b85b6c3a3e4f5b12021-12-23 11:53:25.694root 11241100x80000000000000007213567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faaacc309243e7f62021-12-23 11:53:25.694root 11241100x80000000000000007213568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af07259f9a80f03c2021-12-23 11:53:25.694root 11241100x80000000000000007213569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387a6ffd26e79bd42021-12-23 11:53:26.193root 11241100x80000000000000007213570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d036373136392912021-12-23 11:53:26.193root 11241100x80000000000000007213571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038c7bcb154504bd2021-12-23 11:53:26.193root 11241100x80000000000000007213572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f2310f2d9da8f42021-12-23 11:53:26.193root 11241100x80000000000000007213573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdd48418750f2342021-12-23 11:53:26.193root 11241100x80000000000000007213574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8938eb401a62c02021-12-23 11:53:26.193root 11241100x80000000000000007213575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01561316be68acb2021-12-23 11:53:26.193root 11241100x80000000000000007213576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac10f17a47f5f972021-12-23 11:53:26.193root 11241100x80000000000000007213577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdf5c505cc192b52021-12-23 11:53:26.193root 11241100x80000000000000007213578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b690a888de01c82021-12-23 11:53:26.194root 11241100x80000000000000007213579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b461da02b7324282021-12-23 11:53:26.194root 11241100x80000000000000007213580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098b9f261c66b35c2021-12-23 11:53:26.693root 11241100x80000000000000007213581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41907b0e549bc90a2021-12-23 11:53:26.693root 11241100x80000000000000007213582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f90c6186d418282021-12-23 11:53:26.693root 11241100x80000000000000007213583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be826954ef11be072021-12-23 11:53:26.694root 11241100x80000000000000007213584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f1d0902cee17192021-12-23 11:53:26.694root 11241100x80000000000000007213585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5450fc44fafeab2021-12-23 11:53:26.694root 11241100x80000000000000007213586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4b55beec1d4fa32021-12-23 11:53:26.694root 11241100x80000000000000007213587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa6accfd8c770582021-12-23 11:53:26.694root 11241100x80000000000000007213588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9645b53b97684a2021-12-23 11:53:26.695root 11241100x80000000000000007213589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad0e5a6f5fce5612021-12-23 11:53:26.695root 11241100x80000000000000007213590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d2080d279a32062021-12-23 11:53:26.695root 11241100x80000000000000007213591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcee156998c697b2021-12-23 11:53:27.193root 11241100x80000000000000007213592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd19d05da19d2aa2021-12-23 11:53:27.193root 11241100x80000000000000007213593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087b14c4f85e2b872021-12-23 11:53:27.193root 11241100x80000000000000007213594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef38ed5235e8ca1b2021-12-23 11:53:27.193root 11241100x80000000000000007213595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8af8f22c7a99ede2021-12-23 11:53:27.193root 11241100x80000000000000007213596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c45576dc1aa26752021-12-23 11:53:27.193root 11241100x80000000000000007213597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ad4aeb2098b8bf2021-12-23 11:53:27.193root 11241100x80000000000000007213598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f4a391e965599f2021-12-23 11:53:27.193root 11241100x80000000000000007213599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3f627974b9847a2021-12-23 11:53:27.193root 11241100x80000000000000007213600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789437722bba4c7f2021-12-23 11:53:27.194root 11241100x80000000000000007213601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca2ccd154e6a69a2021-12-23 11:53:27.194root 11241100x80000000000000007213602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582a35d2610faf802021-12-23 11:53:27.693root 11241100x80000000000000007213603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e32517d57e8d752021-12-23 11:53:27.693root 11241100x80000000000000007213604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2a4752883dd4f52021-12-23 11:53:27.693root 11241100x80000000000000007213605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2115fc0bfe1f55f2021-12-23 11:53:27.694root 11241100x80000000000000007213606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5efe4c91103ed952021-12-23 11:53:27.694root 11241100x80000000000000007213607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a89cf65063d62f2021-12-23 11:53:27.694root 11241100x80000000000000007213608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9603280ca8142522021-12-23 11:53:27.694root 11241100x80000000000000007213609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a11852f2634cba52021-12-23 11:53:27.695root 11241100x80000000000000007213610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7df7b73ce40bc92021-12-23 11:53:27.695root 11241100x80000000000000007213611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32ee29f73c811912021-12-23 11:53:27.695root 11241100x80000000000000007213612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074ce17aa458181a2021-12-23 11:53:27.695root 11241100x80000000000000007213613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b2acab12ccdf652021-12-23 11:53:28.193root 11241100x80000000000000007213614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989a22aa343e64bd2021-12-23 11:53:28.193root 11241100x80000000000000007213615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d299cfce1bad60a2021-12-23 11:53:28.193root 11241100x80000000000000007213616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab34570824d51ece2021-12-23 11:53:28.193root 11241100x80000000000000007213617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301b3765c9b240252021-12-23 11:53:28.194root 11241100x80000000000000007213618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2f8038f7a659892021-12-23 11:53:28.194root 11241100x80000000000000007213619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9c601c7343d2dc2021-12-23 11:53:28.194root 11241100x80000000000000007213620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b6779a84a8ea472021-12-23 11:53:28.194root 11241100x80000000000000007213621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1a6d70936f5f0f2021-12-23 11:53:28.194root 11241100x80000000000000007213622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0d6c0fc822e7152021-12-23 11:53:28.194root 11241100x80000000000000007213623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3d0304b8cf8f212021-12-23 11:53:28.194root 11241100x80000000000000007213624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322482c9dd9879ad2021-12-23 11:53:28.693root 11241100x80000000000000007213625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea58e27fe477a412021-12-23 11:53:28.693root 11241100x80000000000000007213626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ffdd223eb2997b2021-12-23 11:53:28.693root 11241100x80000000000000007213627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c0bdaeafb863892021-12-23 11:53:28.693root 11241100x80000000000000007213628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472bccd3e68653012021-12-23 11:53:28.693root 11241100x80000000000000007213629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e568e0c8fd23ff32021-12-23 11:53:28.693root 11241100x80000000000000007213630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd909580d8123f92021-12-23 11:53:28.693root 11241100x80000000000000007213631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46a6de31cc287162021-12-23 11:53:28.693root 11241100x80000000000000007213632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8616fc451e55d62021-12-23 11:53:28.693root 11241100x80000000000000007213633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc17811fac5168d12021-12-23 11:53:28.694root 11241100x80000000000000007213634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf5551abdaae5202021-12-23 11:53:28.694root 354300x80000000000000007213635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.084{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33804-false10.0.1.12-8000- 11241100x80000000000000007213636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdaf26bad1d7238a2021-12-23 11:53:29.085root 11241100x80000000000000007213637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b13a3c1ecd0def82021-12-23 11:53:29.085root 11241100x80000000000000007213638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a804ecb2c99771862021-12-23 11:53:29.085root 11241100x80000000000000007213639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4efb8830d2ae7ba2021-12-23 11:53:29.085root 11241100x80000000000000007213640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d017399a673fa42021-12-23 11:53:29.085root 11241100x80000000000000007213641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941ff0cac19ccf5f2021-12-23 11:53:29.086root 11241100x80000000000000007213642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1ae703e2b1f43a2021-12-23 11:53:29.086root 11241100x80000000000000007213643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8043aa16ef7acbe72021-12-23 11:53:29.086root 11241100x80000000000000007213644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bb0571f55141432021-12-23 11:53:29.086root 11241100x80000000000000007213645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fd4f54251355f92021-12-23 11:53:29.086root 11241100x80000000000000007213646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e822706ea0fb4a952021-12-23 11:53:29.086root 11241100x80000000000000007213647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c30d2e37403f0222021-12-23 11:53:29.086root 11241100x80000000000000007213648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6740145683beb62021-12-23 11:53:29.443root 11241100x80000000000000007213649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0e8de6fbecdb8c2021-12-23 11:53:29.443root 11241100x80000000000000007213650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49184846186298d22021-12-23 11:53:29.443root 11241100x80000000000000007213651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed405e1cdff4fb352021-12-23 11:53:29.444root 11241100x80000000000000007213652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8b011b936675c22021-12-23 11:53:29.444root 11241100x80000000000000007213653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cefa7edb739b1a2021-12-23 11:53:29.444root 11241100x80000000000000007213654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4a1047430cb7062021-12-23 11:53:29.444root 11241100x80000000000000007213655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acb0f3907db81e42021-12-23 11:53:29.444root 11241100x80000000000000007213656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275ea634f943f7462021-12-23 11:53:29.444root 11241100x80000000000000007213657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd63673edad3098b2021-12-23 11:53:29.445root 11241100x80000000000000007213658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155f0b3d3807f7652021-12-23 11:53:29.445root 11241100x80000000000000007213659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0c1818d8f14a982021-12-23 11:53:29.445root 11241100x80000000000000007213660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83151892adb724cc2021-12-23 11:53:29.943root 11241100x80000000000000007213661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee71934cc94328c2021-12-23 11:53:29.943root 11241100x80000000000000007213662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb48b2cd501e8e72021-12-23 11:53:29.943root 11241100x80000000000000007213663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc35faf0d7505752021-12-23 11:53:29.943root 11241100x80000000000000007213664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1a49a6f5ecfec62021-12-23 11:53:29.943root 11241100x80000000000000007213665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c40fa04f1361bc2021-12-23 11:53:29.943root 11241100x80000000000000007213666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b884160605601dc82021-12-23 11:53:29.943root 11241100x80000000000000007213667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74f13a20b20d5672021-12-23 11:53:29.944root 11241100x80000000000000007213668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24e97bf96d6d2b32021-12-23 11:53:29.944root 11241100x80000000000000007213669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c391e442292e6242021-12-23 11:53:29.944root 11241100x80000000000000007213670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa625f567e7eff92021-12-23 11:53:29.944root 11241100x80000000000000007213671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a500bad92da3c682021-12-23 11:53:29.944root 11241100x80000000000000007213672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-23 11:53:30.143root 11241100x80000000000000007213673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fed60c69cbebcb2021-12-23 11:53:30.443root 11241100x80000000000000007213674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f1e60bab2945e52021-12-23 11:53:30.443root 11241100x80000000000000007213675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fe65e8e92fab1d2021-12-23 11:53:30.443root 11241100x80000000000000007213676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78acfd6f2b1b39662021-12-23 11:53:30.443root 11241100x80000000000000007213677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c4edf40efe64a82021-12-23 11:53:30.443root 11241100x80000000000000007213678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b1346b45c056152021-12-23 11:53:30.443root 11241100x80000000000000007213679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bf9b80e8bb2e932021-12-23 11:53:30.443root 11241100x80000000000000007213680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44172772ed863382021-12-23 11:53:30.443root 11241100x80000000000000007213681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b69ca21aa2c1ab92021-12-23 11:53:30.444root 11241100x80000000000000007213682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd12e0ffcc76e46b2021-12-23 11:53:30.444root 11241100x80000000000000007213683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76bd16f877ca36f2021-12-23 11:53:30.444root 11241100x80000000000000007213684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ccac4f1545d5f62021-12-23 11:53:30.444root 11241100x80000000000000007213685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18890416e0ab79172021-12-23 11:53:30.444root 11241100x80000000000000007213686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053ee515f548a3aa2021-12-23 11:53:30.942root 11241100x80000000000000007213687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef51d86d5aeef4b82021-12-23 11:53:30.943root 11241100x80000000000000007213688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda7a627161ba7b42021-12-23 11:53:30.943root 11241100x80000000000000007213689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9b71e0a183a87f2021-12-23 11:53:30.943root 11241100x80000000000000007213690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f78428ce4f9b0e52021-12-23 11:53:30.944root 11241100x80000000000000007213691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4101a986b7f03e582021-12-23 11:53:30.944root 11241100x80000000000000007213692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434be605d76ddabc2021-12-23 11:53:30.944root 11241100x80000000000000007213693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24004959d1dbdbb22021-12-23 11:53:30.944root 11241100x80000000000000007213694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74dd94e34c5e04e12021-12-23 11:53:30.944root 11241100x80000000000000007213695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757053d741d9a7642021-12-23 11:53:30.945root 11241100x80000000000000007213696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d811fe5ac471dd2021-12-23 11:53:30.945root 11241100x80000000000000007213697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d320993689cb0182021-12-23 11:53:30.945root 11241100x80000000000000007213698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb3f6a4eff51f2a2021-12-23 11:53:30.945root 11241100x80000000000000007213699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbadbaff42dac2d2021-12-23 11:53:31.443root 11241100x80000000000000007213700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128ff76cc6a11e262021-12-23 11:53:31.443root 11241100x80000000000000007213701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad506f6d4c22de702021-12-23 11:53:31.444root 11241100x80000000000000007213702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bf8785aace88bb2021-12-23 11:53:31.444root 11241100x80000000000000007213703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cda256542cc6a252021-12-23 11:53:31.444root 11241100x80000000000000007213704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174eaea6dae49d7b2021-12-23 11:53:31.444root 11241100x80000000000000007213705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd38a6770097b9072021-12-23 11:53:31.444root 11241100x80000000000000007213706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0be815516e3b812021-12-23 11:53:31.444root 11241100x80000000000000007213707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6cb5ade2e937622021-12-23 11:53:31.444root 11241100x80000000000000007213708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51af0876655ab952021-12-23 11:53:31.444root 11241100x80000000000000007213709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ed08b77d6922c42021-12-23 11:53:31.444root 11241100x80000000000000007213710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecb6c47242956912021-12-23 11:53:31.444root 11241100x80000000000000007213711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e7f7c82ffcac1b2021-12-23 11:53:31.444root 11241100x80000000000000007213712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9814fb6a4074c9fa2021-12-23 11:53:31.942root 11241100x80000000000000007213713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74223f96a5ad59302021-12-23 11:53:31.943root 11241100x80000000000000007213714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50177b43a555377f2021-12-23 11:53:31.943root 11241100x80000000000000007213715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe81a6b132e044b2021-12-23 11:53:31.943root 11241100x80000000000000007213716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42da9891773e7402021-12-23 11:53:31.943root 11241100x80000000000000007213717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bad6c70d4ede5b62021-12-23 11:53:31.943root 11241100x80000000000000007213718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61dc007f381df2b2021-12-23 11:53:31.943root 11241100x80000000000000007213719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c3cbe90784f0132021-12-23 11:53:31.943root 11241100x80000000000000007213720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a339651bae20604a2021-12-23 11:53:31.943root 11241100x80000000000000007213721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072bf11d200eaf262021-12-23 11:53:31.943root 11241100x80000000000000007213722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08060e41ff6fea792021-12-23 11:53:31.943root 11241100x80000000000000007213723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23f541655e0f6852021-12-23 11:53:31.943root 11241100x80000000000000007213724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6708c9e87215a3cd2021-12-23 11:53:31.944root 11241100x80000000000000007213725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328c39be912f08732021-12-23 11:53:32.443root 11241100x80000000000000007213726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6624da0268dbed12021-12-23 11:53:32.443root 11241100x80000000000000007213727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660896f62d41ff6f2021-12-23 11:53:32.443root 11241100x80000000000000007213728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5931682eb0c7322021-12-23 11:53:32.443root 11241100x80000000000000007213729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba55d6a2446165952021-12-23 11:53:32.443root 11241100x80000000000000007213730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434e3844b54898792021-12-23 11:53:32.443root 11241100x80000000000000007213731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0667b3d8bf8aa4cf2021-12-23 11:53:32.443root 11241100x80000000000000007213732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4676aa96dd469d552021-12-23 11:53:32.443root 11241100x80000000000000007213733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eb461bca5d5c8f2021-12-23 11:53:32.444root 11241100x80000000000000007213734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a328a8c467b5382021-12-23 11:53:32.444root 11241100x80000000000000007213735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895ce2a9c414cd832021-12-23 11:53:32.444root 11241100x80000000000000007213736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a02a718f52ae0f2021-12-23 11:53:32.444root 11241100x80000000000000007213737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa68a3b8379795d72021-12-23 11:53:32.444root 11241100x80000000000000007213738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a002e9ac895780b62021-12-23 11:53:32.943root 11241100x80000000000000007213739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1618f7e9896f472021-12-23 11:53:32.943root 11241100x80000000000000007213740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a82a88a9be0468a2021-12-23 11:53:32.943root 11241100x80000000000000007213741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc377689492775a2021-12-23 11:53:32.943root 11241100x80000000000000007213742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078bfb3c9694b5722021-12-23 11:53:32.943root 11241100x80000000000000007213743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820675c49b94440e2021-12-23 11:53:32.944root 11241100x80000000000000007213744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330bb37f66772f232021-12-23 11:53:32.944root 11241100x80000000000000007213745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617f78b7e505508d2021-12-23 11:53:32.944root 11241100x80000000000000007213746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed64ae6f426df8e52021-12-23 11:53:32.944root 11241100x80000000000000007213747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0507c2d4e38176292021-12-23 11:53:32.944root 11241100x80000000000000007213748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb64ac664f7bf7b22021-12-23 11:53:32.944root 11241100x80000000000000007213749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9758b85a11b0cbf2021-12-23 11:53:32.945root 11241100x80000000000000007213750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320a2d913958025c2021-12-23 11:53:32.945root 154100x80000000000000007213751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.083{ec2b6afe-633d-61c4-6884-56519e550000}5075/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x80000000000000007213752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.096{ec2b6afe-633d-61c4-6884-56519e550000}5075/bin/psroot 11241100x80000000000000007213753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b667f4c91726a5fc2021-12-23 11:53:33.443root 11241100x80000000000000007213754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3405e00d089e882021-12-23 11:53:33.443root 11241100x80000000000000007213755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd96710640597c492021-12-23 11:53:33.443root 11241100x80000000000000007213756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfea2fe685c0d542021-12-23 11:53:33.443root 11241100x80000000000000007213757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b6580519d2ce8f2021-12-23 11:53:33.443root 11241100x80000000000000007213758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8228f6040c5273aa2021-12-23 11:53:33.443root 11241100x80000000000000007213759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaea9f2775810592021-12-23 11:53:33.444root 11241100x80000000000000007213760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e47a338b5f9f0d2021-12-23 11:53:33.444root 11241100x80000000000000007213761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e2fc204cfb018a2021-12-23 11:53:33.444root 11241100x80000000000000007213762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4539e11d324a4db02021-12-23 11:53:33.444root 11241100x80000000000000007213763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217ea58249a6cc882021-12-23 11:53:33.444root 11241100x80000000000000007213764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e63235ba22722e82021-12-23 11:53:33.444root 11241100x80000000000000007213765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64aa4ffdaf85be9a2021-12-23 11:53:33.444root 11241100x80000000000000007213766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6127eb09d05d54d2021-12-23 11:53:33.444root 11241100x80000000000000007213767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7f8ed11ea49c532021-12-23 11:53:33.444root 11241100x80000000000000007213768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd2efc018ea70722021-12-23 11:53:33.943root 11241100x80000000000000007213769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff3ea44a44804112021-12-23 11:53:33.943root 11241100x80000000000000007213770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1757eea511842ecf2021-12-23 11:53:33.943root 11241100x80000000000000007213771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb5a437110d9c172021-12-23 11:53:33.943root 11241100x80000000000000007213772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffad88fcdc0a0e8c2021-12-23 11:53:33.943root 11241100x80000000000000007213773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2831f422fbca92762021-12-23 11:53:33.943root 11241100x80000000000000007213774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25201af374825da22021-12-23 11:53:33.944root 11241100x80000000000000007213775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd495d58f3acbb82021-12-23 11:53:33.944root 11241100x80000000000000007213776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d4192cba35b7af2021-12-23 11:53:33.944root 11241100x80000000000000007213777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a2eed641e0b9ab2021-12-23 11:53:33.944root 11241100x80000000000000007213778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309436e46026173a2021-12-23 11:53:33.944root 11241100x80000000000000007213779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ada75a0245c119e2021-12-23 11:53:33.944root 11241100x80000000000000007213780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86789f8a48b467de2021-12-23 11:53:33.944root 11241100x80000000000000007213781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24238ad11b3d4e0f2021-12-23 11:53:33.944root 11241100x80000000000000007213782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165db2e5a09a59ad2021-12-23 11:53:33.945root 354300x80000000000000007213783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.104{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33806-false10.0.1.12-8000- 11241100x80000000000000007213784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fc40d19d887c722021-12-23 11:53:34.443root 11241100x80000000000000007213785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b699a6b7aa748e2021-12-23 11:53:34.443root 11241100x80000000000000007213786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5383bfb000eb142021-12-23 11:53:34.443root 11241100x80000000000000007213787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77e561cb9f0c2812021-12-23 11:53:34.443root 11241100x80000000000000007213788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c901c56f4c6a70a82021-12-23 11:53:34.443root 11241100x80000000000000007213789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8d1348581600252021-12-23 11:53:34.443root 11241100x80000000000000007213790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1233575d68fdda4c2021-12-23 11:53:34.443root 11241100x80000000000000007213791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b546635d6d2e2d6d2021-12-23 11:53:34.443root 11241100x80000000000000007213792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd895a8fc5f0a5862021-12-23 11:53:34.444root 11241100x80000000000000007213793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1abed9881c26e2b2021-12-23 11:53:34.444root 11241100x80000000000000007213794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece55e0d0b63f37f2021-12-23 11:53:34.444root 11241100x80000000000000007213795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be3cfee1175a7632021-12-23 11:53:34.444root 11241100x80000000000000007213796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365cb5fcce326c802021-12-23 11:53:34.444root 11241100x80000000000000007213797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668eeb3110088b1c2021-12-23 11:53:34.444root 11241100x80000000000000007213798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71923a717702f7e02021-12-23 11:53:34.444root 11241100x80000000000000007213799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e3140282a426e12021-12-23 11:53:34.444root 11241100x80000000000000007213800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426357c7292857fa2021-12-23 11:53:34.943root 11241100x80000000000000007213801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe6cb1f75fbc96b2021-12-23 11:53:34.943root 11241100x80000000000000007213802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c7f4a7ed288d662021-12-23 11:53:34.943root 11241100x80000000000000007213803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab87f07d1d38c3062021-12-23 11:53:34.943root 11241100x80000000000000007213804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b19df07c0673a42021-12-23 11:53:34.943root 11241100x80000000000000007213805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20551653d4bf29a52021-12-23 11:53:34.943root 11241100x80000000000000007213806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a286a577d13095092021-12-23 11:53:34.943root 11241100x80000000000000007213807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af3b73cde16bc6e2021-12-23 11:53:34.944root 11241100x80000000000000007213808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e01ddaf2b70688b2021-12-23 11:53:34.944root 11241100x80000000000000007213809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde567cbc649c0702021-12-23 11:53:34.944root 11241100x80000000000000007213810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86a5f4c29f9da752021-12-23 11:53:34.944root 11241100x80000000000000007213811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92f994058fbf1e22021-12-23 11:53:34.944root 11241100x80000000000000007213812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be019d3e9e2a06fa2021-12-23 11:53:34.944root 11241100x80000000000000007213813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0067862d9d30ccd12021-12-23 11:53:34.944root 11241100x80000000000000007213814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d34b67e2772e4d2021-12-23 11:53:34.944root 11241100x80000000000000007213815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2f3d2fa9b98da12021-12-23 11:53:34.944root 11241100x80000000000000007213816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26c3ddda82576172021-12-23 11:53:35.443root 11241100x80000000000000007213817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89113cc94c034a6f2021-12-23 11:53:35.443root 11241100x80000000000000007213818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39a7857f6663fee2021-12-23 11:53:35.443root 11241100x80000000000000007213819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79521101850172122021-12-23 11:53:35.443root 11241100x80000000000000007213820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab64030930a00cc2021-12-23 11:53:35.443root 11241100x80000000000000007213821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f67d69a390876a72021-12-23 11:53:35.444root 11241100x80000000000000007213822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca25e825c7d192382021-12-23 11:53:35.444root 11241100x80000000000000007213823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85d45acd52aed952021-12-23 11:53:35.444root 11241100x80000000000000007213824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495a1529b8c43a932021-12-23 11:53:35.444root 11241100x80000000000000007213825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423122276c3efcd12021-12-23 11:53:35.444root 11241100x80000000000000007213826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34468a829113348b2021-12-23 11:53:35.444root 11241100x80000000000000007213827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51121a0f76747aed2021-12-23 11:53:35.444root 11241100x80000000000000007213828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26a17b1967689bb2021-12-23 11:53:35.444root 11241100x80000000000000007213829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1354f89bd77be9f2021-12-23 11:53:35.444root 11241100x80000000000000007213830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d23ba169e422abe2021-12-23 11:53:35.444root 11241100x80000000000000007213831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7622127e3e46b72021-12-23 11:53:35.445root 11241100x80000000000000007213832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aee95e3debf183c2021-12-23 11:53:35.943root 11241100x80000000000000007213833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf093a6aad58f812021-12-23 11:53:35.943root 11241100x80000000000000007213834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bc9410853d15362021-12-23 11:53:35.943root 11241100x80000000000000007213835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ef95e25f9e1a8f2021-12-23 11:53:35.943root 11241100x80000000000000007213836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a796f8b6fd661822021-12-23 11:53:35.943root 11241100x80000000000000007213837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e8d167cdb5b69a2021-12-23 11:53:35.944root 11241100x80000000000000007213838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab917bcd7a379b3a2021-12-23 11:53:35.944root 11241100x80000000000000007213839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef354ed13360d53f2021-12-23 11:53:35.944root 11241100x80000000000000007213840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc69e2a25d4ebfe2021-12-23 11:53:35.944root 11241100x80000000000000007213841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a28c481f9d88ec2021-12-23 11:53:35.944root 11241100x80000000000000007213842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdeb3ada26f081962021-12-23 11:53:35.944root 11241100x80000000000000007213843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5d444df3b5e6122021-12-23 11:53:35.944root 11241100x80000000000000007213844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff2640681f5ac952021-12-23 11:53:35.944root 11241100x80000000000000007213845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c8693153797b2d2021-12-23 11:53:35.944root 11241100x80000000000000007213846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c91e4816875f4c32021-12-23 11:53:35.944root 11241100x80000000000000007213847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a086be874afd612021-12-23 11:53:35.944root 23542300x80000000000000007213848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.009{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000007213849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbcc5c22b79f4972021-12-23 11:53:36.443root 11241100x80000000000000007213850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1c59303cf088812021-12-23 11:53:36.443root 11241100x80000000000000007213851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729e90f79c0be04e2021-12-23 11:53:36.443root 11241100x80000000000000007213852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fcda90c024e93f2021-12-23 11:53:36.443root 11241100x80000000000000007213853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8ee98466c6e72b2021-12-23 11:53:36.443root 11241100x80000000000000007213854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1909038ee0912c82021-12-23 11:53:36.443root 11241100x80000000000000007213855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9732399b1a0980942021-12-23 11:53:36.444root 11241100x80000000000000007213856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7254d9fd8bead2352021-12-23 11:53:36.444root 11241100x80000000000000007213857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dfa9a243ded23e2021-12-23 11:53:36.444root 11241100x80000000000000007213858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b0c97375097ab52021-12-23 11:53:36.444root 11241100x80000000000000007213859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54dba9f96b9f4c722021-12-23 11:53:36.444root 11241100x80000000000000007213860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007d912b04cf581c2021-12-23 11:53:36.444root 11241100x80000000000000007213861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecad494c6b0043e2021-12-23 11:53:36.444root 11241100x80000000000000007213862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4305bf9b86fb5dac2021-12-23 11:53:36.444root 11241100x80000000000000007213863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e3ccac4a2e52b92021-12-23 11:53:36.444root 11241100x80000000000000007213864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533ec393bc1355632021-12-23 11:53:36.444root 11241100x80000000000000007213865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0daf9b5debdc0d6d2021-12-23 11:53:36.444root 11241100x80000000000000007213866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209f77932046b9a02021-12-23 11:53:36.943root 11241100x80000000000000007213867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5077cd2d88d5dc2021-12-23 11:53:36.943root 11241100x80000000000000007213868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db18a11f7d5e9ebb2021-12-23 11:53:36.943root 11241100x80000000000000007213869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fa3b3b70a117b42021-12-23 11:53:36.943root 11241100x80000000000000007213870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d913a3fd68e97f8b2021-12-23 11:53:36.943root 11241100x80000000000000007213871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdda857abb356f52021-12-23 11:53:36.943root 11241100x80000000000000007213872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a57b4dbf786ea092021-12-23 11:53:36.944root 11241100x80000000000000007213873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99244c39b6cc70a2021-12-23 11:53:36.944root 11241100x80000000000000007213874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44662025bda04b7e2021-12-23 11:53:36.944root 11241100x80000000000000007213875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cc54432e43206d2021-12-23 11:53:36.944root 11241100x80000000000000007213876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7257643f40653e172021-12-23 11:53:36.944root 11241100x80000000000000007213877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf289fde19d48632021-12-23 11:53:36.944root 11241100x80000000000000007213878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69b996207a22f542021-12-23 11:53:36.944root 11241100x80000000000000007213879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582a84a80a4bf0342021-12-23 11:53:36.944root 11241100x80000000000000007213880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9eeac0fb49992802021-12-23 11:53:36.944root 11241100x80000000000000007213881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57aef3031ea7bbdf2021-12-23 11:53:36.944root 11241100x80000000000000007213882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0649ae8797902a7e2021-12-23 11:53:36.944root 11241100x80000000000000007213883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34569aa03f5cb4c2021-12-23 11:53:37.443root 11241100x80000000000000007213884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51686519aaa485562021-12-23 11:53:37.443root 11241100x80000000000000007213885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25df76afaeca4ce2021-12-23 11:53:37.443root 11241100x80000000000000007213886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430a9401c0c2a1592021-12-23 11:53:37.443root 11241100x80000000000000007213887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad20720364918a6f2021-12-23 11:53:37.444root 11241100x80000000000000007213888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079015dbf60ef6582021-12-23 11:53:37.444root 11241100x80000000000000007213889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62aef3771fbee8712021-12-23 11:53:37.444root 11241100x80000000000000007213890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0209a6356e596e6b2021-12-23 11:53:37.444root 11241100x80000000000000007213891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aec1e18d790a62d2021-12-23 11:53:37.444root 11241100x80000000000000007213892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5eedb734889cb2e2021-12-23 11:53:37.444root 11241100x80000000000000007213893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acf400483f4e3882021-12-23 11:53:37.444root 11241100x80000000000000007213894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6f779fc1de22c62021-12-23 11:53:37.444root 11241100x80000000000000007213895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c17b3231f9735802021-12-23 11:53:37.444root 11241100x80000000000000007213896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c84f720a2a3985b2021-12-23 11:53:37.444root 11241100x80000000000000007213897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82207ef4bf28348f2021-12-23 11:53:37.444root 11241100x80000000000000007213898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c88abf39a43a0812021-12-23 11:53:37.445root 11241100x80000000000000007213899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45e8239cf390a052021-12-23 11:53:37.445root 11241100x80000000000000007213900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48403f2434de74e2021-12-23 11:53:37.943root 11241100x80000000000000007213901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a1dbf364fb4a432021-12-23 11:53:37.943root 11241100x80000000000000007213902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd923a66da18ee142021-12-23 11:53:37.943root 11241100x80000000000000007213903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2792552733e51d32021-12-23 11:53:37.944root 11241100x80000000000000007213904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8d52b3271697342021-12-23 11:53:37.944root 11241100x80000000000000007213905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e297ad90698e6362021-12-23 11:53:37.944root 11241100x80000000000000007213906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377c59842a1d13e32021-12-23 11:53:37.944root 11241100x80000000000000007213907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c37ff676db0c8412021-12-23 11:53:37.944root 11241100x80000000000000007213908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9081f9b352ca5ee2021-12-23 11:53:37.944root 11241100x80000000000000007213909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830708ff30d721d72021-12-23 11:53:37.944root 11241100x80000000000000007213910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fafa121ad277b282021-12-23 11:53:37.944root 11241100x80000000000000007213911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05488472191f7b802021-12-23 11:53:37.944root 11241100x80000000000000007213912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3552c8218cb22312021-12-23 11:53:37.944root 11241100x80000000000000007213913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0353ad5c69493712021-12-23 11:53:37.945root 11241100x80000000000000007213914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d448f14cbc6dc3cf2021-12-23 11:53:37.945root 11241100x80000000000000007213915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea0ce9a7404b3322021-12-23 11:53:37.945root 11241100x80000000000000007213916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b04139ef90100672021-12-23 11:53:37.945root 11241100x80000000000000007213917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac5a50f1787d2bd2021-12-23 11:53:38.443root 11241100x80000000000000007213918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223f6ebc791edf152021-12-23 11:53:38.443root 11241100x80000000000000007213919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be58f2d668109402021-12-23 11:53:38.443root 11241100x80000000000000007213920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf9dfcdbbffaef52021-12-23 11:53:38.444root 11241100x80000000000000007213921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e55fabb9feaca242021-12-23 11:53:38.444root 11241100x80000000000000007213922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0d7f6ac506cf532021-12-23 11:53:38.444root 11241100x80000000000000007213923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded94c139e0ed17f2021-12-23 11:53:38.444root 11241100x80000000000000007213924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949fe33a8bd0e7352021-12-23 11:53:38.444root 11241100x80000000000000007213925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdee346c9d206b42021-12-23 11:53:38.444root 11241100x80000000000000007213926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b2e7911422e76f2021-12-23 11:53:38.444root 11241100x80000000000000007213927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3fd9f4e1581dd62021-12-23 11:53:38.445root 11241100x80000000000000007213928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7c14173f84e44d2021-12-23 11:53:38.445root 11241100x80000000000000007213929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a706159458871ad2021-12-23 11:53:38.445root 11241100x80000000000000007213930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a649fac44c87e402021-12-23 11:53:38.445root 11241100x80000000000000007213931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89eee77ae078a1b02021-12-23 11:53:38.445root 11241100x80000000000000007213932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf5d589e8d2179c2021-12-23 11:53:38.445root 11241100x80000000000000007213933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202ac582b0a4e5752021-12-23 11:53:38.445root 11241100x80000000000000007213934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67383c3f9c9c97f2021-12-23 11:53:38.943root 11241100x80000000000000007213935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed545b3728ca34e32021-12-23 11:53:38.943root 11241100x80000000000000007213936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa83a1779e3415db2021-12-23 11:53:38.943root 11241100x80000000000000007213937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed80d5bb80a20c82021-12-23 11:53:38.943root 11241100x80000000000000007213938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6b95b25bb0592e2021-12-23 11:53:38.943root 11241100x80000000000000007213939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604894d833448be92021-12-23 11:53:38.944root 11241100x80000000000000007213940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588924863f6b81c02021-12-23 11:53:38.944root 11241100x80000000000000007213941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6849165ba6e730dd2021-12-23 11:53:38.944root 11241100x80000000000000007213942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301b2f4badd848832021-12-23 11:53:38.944root 11241100x80000000000000007213943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec20ac33511441b2021-12-23 11:53:38.944root 11241100x80000000000000007213944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7533d082b30ca92021-12-23 11:53:38.944root 11241100x80000000000000007213945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93688db097020dc42021-12-23 11:53:38.944root 11241100x80000000000000007213946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d146934c05203d752021-12-23 11:53:38.944root 11241100x80000000000000007213947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1606029c3b5c20af2021-12-23 11:53:38.944root 11241100x80000000000000007213948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77803baedc96d65f2021-12-23 11:53:38.944root 11241100x80000000000000007213949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1538a159a46ca8c72021-12-23 11:53:38.944root 11241100x80000000000000007213950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db2e75d55cfa8172021-12-23 11:53:38.944root 354300x80000000000000007213951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.243{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33808-false10.0.1.12-8000- 11241100x80000000000000007213952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7896a675e02f407a2021-12-23 11:53:39.243root 11241100x80000000000000007213953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a2533d5801e3272021-12-23 11:53:39.244root 11241100x80000000000000007213954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457b480052e5d8422021-12-23 11:53:39.244root 11241100x80000000000000007213955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936a781dc4c8f40e2021-12-23 11:53:39.244root 11241100x80000000000000007213956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12ac98cd2d52ece2021-12-23 11:53:39.244root 11241100x80000000000000007213957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab0c1f6832f2b0a2021-12-23 11:53:39.244root 11241100x80000000000000007213958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1f43692c383cf42021-12-23 11:53:39.244root 11241100x80000000000000007213959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c65b0c3992e6f072021-12-23 11:53:39.244root 11241100x80000000000000007213960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51167384a93a91d12021-12-23 11:53:39.244root 11241100x80000000000000007213961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b910be9f8794c12021-12-23 11:53:39.244root 11241100x80000000000000007213962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421365cece4b0f832021-12-23 11:53:39.244root 11241100x80000000000000007213963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe20ce0dbf1285b2021-12-23 11:53:39.244root 11241100x80000000000000007213964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4068b76be72ee92021-12-23 11:53:39.244root 11241100x80000000000000007213965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee8daafd00016b02021-12-23 11:53:39.244root 11241100x80000000000000007213966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde2cd0e272a95462021-12-23 11:53:39.245root 11241100x80000000000000007213967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa0fcdef041c7172021-12-23 11:53:39.245root 11241100x80000000000000007213968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece84fb8cfa411ba2021-12-23 11:53:39.245root 11241100x80000000000000007213969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144f2b13510eca822021-12-23 11:53:39.245root 11241100x80000000000000007213970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e685f571bf77ef572021-12-23 11:53:39.693root 11241100x80000000000000007213971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d86da938a67fc582021-12-23 11:53:39.693root 11241100x80000000000000007213972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37daf487b6291f072021-12-23 11:53:39.693root 11241100x80000000000000007213973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcfa2db3780ddc52021-12-23 11:53:39.693root 11241100x80000000000000007213974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625e60323a4e84812021-12-23 11:53:39.693root 11241100x80000000000000007213975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b001415df7573b2021-12-23 11:53:39.693root 11241100x80000000000000007213976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348dfb8624e218262021-12-23 11:53:39.693root 11241100x80000000000000007213977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4b8ec293d176d92021-12-23 11:53:39.693root 11241100x80000000000000007213978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4349acec99c7b42021-12-23 11:53:39.694root 11241100x80000000000000007213979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456a402103fa6d412021-12-23 11:53:39.694root 11241100x80000000000000007213980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad548df6f9bdb9412021-12-23 11:53:39.694root 11241100x80000000000000007213981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4365d7f06001dae12021-12-23 11:53:39.694root 11241100x80000000000000007213982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a17082c3a658742021-12-23 11:53:39.694root 11241100x80000000000000007213983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7b3b308534d4662021-12-23 11:53:39.695root 11241100x80000000000000007213984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1e1c82d36cdf4c2021-12-23 11:53:39.695root 11241100x80000000000000007213985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece2d23a72c1c84f2021-12-23 11:53:39.695root 11241100x80000000000000007213986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a13bd965a4256b2021-12-23 11:53:39.695root 11241100x80000000000000007213987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e24a6d5989c8762021-12-23 11:53:39.695root 11241100x80000000000000007213988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e955b83886f45802021-12-23 11:53:40.193root 11241100x80000000000000007213989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df1587deb64194d2021-12-23 11:53:40.193root 11241100x80000000000000007213990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab90cccbe97d6102021-12-23 11:53:40.194root 11241100x80000000000000007213991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c648a9175e24be02021-12-23 11:53:40.194root 11241100x80000000000000007213992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa45e027c16ba752021-12-23 11:53:40.194root 11241100x80000000000000007213993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3a383f332f19312021-12-23 11:53:40.194root 11241100x80000000000000007213994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c70d94cb84a2312021-12-23 11:53:40.194root 11241100x80000000000000007213995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9d586ecacffda82021-12-23 11:53:40.194root 11241100x80000000000000007213996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b63d3635fa67e6d2021-12-23 11:53:40.194root 11241100x80000000000000007213997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b211c70346b0512021-12-23 11:53:40.194root 11241100x80000000000000007213998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4befd8e5eb3fc4782021-12-23 11:53:40.195root 11241100x80000000000000007213999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13d89c7a9a9a1882021-12-23 11:53:40.195root 11241100x80000000000000007214000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c7fb8f61be9a772021-12-23 11:53:40.195root 11241100x80000000000000007214001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1536a554f3b921a42021-12-23 11:53:40.195root 11241100x80000000000000007214002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8d5eeb968940f82021-12-23 11:53:40.195root 11241100x80000000000000007214003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80bc3e72041ebe42021-12-23 11:53:40.195root 11241100x80000000000000007214004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0f98abda8f3d8b2021-12-23 11:53:40.195root 11241100x80000000000000007214005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b794454488b7d41a2021-12-23 11:53:40.195root 11241100x80000000000000007214006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98008e2a84e2eab82021-12-23 11:53:40.693root 11241100x80000000000000007214007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f05158cf5dc0952021-12-23 11:53:40.693root 11241100x80000000000000007214008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907381612c953f5e2021-12-23 11:53:40.693root 11241100x80000000000000007214009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c0ee55465901062021-12-23 11:53:40.693root 11241100x80000000000000007214010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f866795e95c65d2021-12-23 11:53:40.694root 11241100x80000000000000007214011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cbc69539de3d512021-12-23 11:53:40.694root 11241100x80000000000000007214012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14243fd876702582021-12-23 11:53:40.694root 11241100x80000000000000007214013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee40d562aacd9982021-12-23 11:53:40.694root 11241100x80000000000000007214014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e0f9b8aa7308482021-12-23 11:53:40.694root 11241100x80000000000000007214015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ecf805937b8a982021-12-23 11:53:40.694root 11241100x80000000000000007214016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41105a228bcb8d1a2021-12-23 11:53:40.694root 11241100x80000000000000007214017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ec7115b4bf2e082021-12-23 11:53:40.694root 11241100x80000000000000007214018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066bf70be132788b2021-12-23 11:53:40.694root 11241100x80000000000000007214019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789039a2a531670b2021-12-23 11:53:40.694root 11241100x80000000000000007214020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50fa2903018805b2021-12-23 11:53:40.694root 11241100x80000000000000007214021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bf8d047a4215682021-12-23 11:53:40.694root 11241100x80000000000000007214022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea0504bb621ec792021-12-23 11:53:40.694root 11241100x80000000000000007214023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7746363cdc087a82021-12-23 11:53:40.694root 11241100x80000000000000007214024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1809c7046391385c2021-12-23 11:53:41.193root 11241100x80000000000000007214025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2542627da0f8ac972021-12-23 11:53:41.193root 11241100x80000000000000007214026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea55b100b35b61b42021-12-23 11:53:41.193root 11241100x80000000000000007214027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d18549cfd46b4d32021-12-23 11:53:41.193root 11241100x80000000000000007214028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11ff17c113d551a2021-12-23 11:53:41.193root 11241100x80000000000000007214029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bc89284aa503582021-12-23 11:53:41.193root 11241100x80000000000000007214030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9258beb969fbb64d2021-12-23 11:53:41.193root 11241100x80000000000000007214031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41aa5bb1a79a833b2021-12-23 11:53:41.193root 11241100x80000000000000007214032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bd952d9df9b2692021-12-23 11:53:41.194root 11241100x80000000000000007214033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670fe3179b776f822021-12-23 11:53:41.194root 11241100x80000000000000007214034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48373d698688a1f52021-12-23 11:53:41.194root 11241100x80000000000000007214035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b0cff9cae41bc42021-12-23 11:53:41.194root 11241100x80000000000000007214036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafc1211b20463cc2021-12-23 11:53:41.194root 11241100x80000000000000007214037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9c237833c462a12021-12-23 11:53:41.194root 11241100x80000000000000007214038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd6cf4f44ca62082021-12-23 11:53:41.195root 11241100x80000000000000007214039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637fed040c3cb7ea2021-12-23 11:53:41.195root 11241100x80000000000000007214040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446063084bf0d2c22021-12-23 11:53:41.195root 11241100x80000000000000007214041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ff47a2360f84002021-12-23 11:53:41.195root 11241100x80000000000000007214042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b546065536c3de02021-12-23 11:53:41.693root 11241100x80000000000000007214043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47637d32d1212752021-12-23 11:53:41.693root 11241100x80000000000000007214044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdc725a8fc4fb3f2021-12-23 11:53:41.693root 11241100x80000000000000007214045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25715c7fce0cf1422021-12-23 11:53:41.693root 11241100x80000000000000007214046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2557a0465eb60ac2021-12-23 11:53:41.693root 11241100x80000000000000007214047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8070de4f2e33de672021-12-23 11:53:41.693root 11241100x80000000000000007214048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c882ad1797204c6f2021-12-23 11:53:41.693root 11241100x80000000000000007214049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032b0ba64cc710a82021-12-23 11:53:41.693root 11241100x80000000000000007214050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2b028cdb2959642021-12-23 11:53:41.693root 11241100x80000000000000007214051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ac150b712c26c72021-12-23 11:53:41.693root 11241100x80000000000000007214052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd4ef8728b687722021-12-23 11:53:41.694root 11241100x80000000000000007214053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7023e1ee03a19832021-12-23 11:53:41.694root 11241100x80000000000000007214054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b16afc231d8f122021-12-23 11:53:41.694root 11241100x80000000000000007214055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e188e7ce0fa240a2021-12-23 11:53:41.694root 11241100x80000000000000007214056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a556ec07602f192021-12-23 11:53:41.694root 11241100x80000000000000007214057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf05b6f554dd9182021-12-23 11:53:41.694root 11241100x80000000000000007214058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe63f2682adfb272021-12-23 11:53:41.694root 11241100x80000000000000007214059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f5dfd8da9c0cd22021-12-23 11:53:41.694root 354300x80000000000000007214060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.006{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-49106-false10.0.1.12-8089- 11241100x80000000000000007214061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.006{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f186e389a1b2c22021-12-23 11:53:42.006root 11241100x80000000000000007214062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.006{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbd85552e0827fe2021-12-23 11:53:42.006root 11241100x80000000000000007214063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c7c03eb344b9b82021-12-23 11:53:42.007root 11241100x80000000000000007214064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c48c80797a50a842021-12-23 11:53:42.007root 11241100x80000000000000007214065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad39c143b8f9687f2021-12-23 11:53:42.007root 11241100x80000000000000007214066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b23150024ebb7722021-12-23 11:53:42.007root 11241100x80000000000000007214067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f1d2c157d4b0392021-12-23 11:53:42.007root 11241100x80000000000000007214068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7551e8e2c3db3aa2021-12-23 11:53:42.007root 11241100x80000000000000007214069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af5cd8cd5ecb0312021-12-23 11:53:42.007root 11241100x80000000000000007214070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901dab36d0ca5a112021-12-23 11:53:42.007root 11241100x80000000000000007214071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0deba203ef0451912021-12-23 11:53:42.007root 11241100x80000000000000007214072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661eabb61da7d7c52021-12-23 11:53:42.007root 11241100x80000000000000007214073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d256644aefbed32021-12-23 11:53:42.008root 11241100x80000000000000007214074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1290a583f49aab742021-12-23 11:53:42.008root 11241100x80000000000000007214075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16506de9c6f502602021-12-23 11:53:42.008root 11241100x80000000000000007214076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f49b79e8c0f302f2021-12-23 11:53:42.008root 11241100x80000000000000007214077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35312530481406c12021-12-23 11:53:42.008root 11241100x80000000000000007214078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9606ab8785a8422021-12-23 11:53:42.008root 11241100x80000000000000007214079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2feb95b2131cd37c2021-12-23 11:53:42.008root 11241100x80000000000000007214080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ebd5d8839d27902021-12-23 11:53:42.008root 11241100x80000000000000007214081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d479daeb0abe6f62021-12-23 11:53:42.008root 11241100x80000000000000007214082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b22cd638c2c61432021-12-23 11:53:42.008root 11241100x80000000000000007214083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cae835958ac0f12021-12-23 11:53:42.008root 11241100x80000000000000007214084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.009{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bc01a516bcb34b2021-12-23 11:53:42.009root 11241100x80000000000000007214085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.009{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811d12d67b8775fc2021-12-23 11:53:42.009root 11241100x80000000000000007214086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.009{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fb53d417b4a7662021-12-23 11:53:42.009root 11241100x80000000000000007214087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.009{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7cdc89c76e1dc62021-12-23 11:53:42.009root 11241100x80000000000000007214088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.009{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8384d774606de42021-12-23 11:53:42.009root 11241100x80000000000000007214089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.009{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec967c29a46990302021-12-23 11:53:42.009root 11241100x80000000000000007214090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.009{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12508ce633cfb2b82021-12-23 11:53:42.009root 11241100x80000000000000007214091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.009{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7a87de7cbdc4d52021-12-23 11:53:42.009root 11241100x80000000000000007214092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.009{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a49c86d07269ac2021-12-23 11:53:42.009root 11241100x80000000000000007214093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.009{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d586f095507bc22021-12-23 11:53:42.009root 11241100x80000000000000007214094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.010{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d8ba9ff77c5a242021-12-23 11:53:42.010root 11241100x80000000000000007214095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.010{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a7b773593e98dd2021-12-23 11:53:42.010root 11241100x80000000000000007214096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.010{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cbbbd73be9aff62021-12-23 11:53:42.010root 11241100x80000000000000007214097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.010{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d015bf18825c412021-12-23 11:53:42.010root 11241100x80000000000000007214098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.010{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e439d4cfe29a1ecb2021-12-23 11:53:42.010root 11241100x80000000000000007214099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.010{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ac68d2c0cb9a512021-12-23 11:53:42.010root 11241100x80000000000000007214100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.010{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab8e889ac16470a2021-12-23 11:53:42.010root 11241100x80000000000000007214101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a13e5fbd43d950b2021-12-23 11:53:42.011root 11241100x80000000000000007214102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb74195c5d2f5012021-12-23 11:53:42.011root 11241100x80000000000000007214103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6cde474284658d2021-12-23 11:53:42.011root 11241100x80000000000000007214104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1461a04952dcd622021-12-23 11:53:42.011root 11241100x80000000000000007214105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6aa86c72b2ce9a2021-12-23 11:53:42.443root 11241100x80000000000000007214106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c793f95a81c880f2021-12-23 11:53:42.443root 11241100x80000000000000007214107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f2f0f7a9bf19052021-12-23 11:53:42.443root 11241100x80000000000000007214108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cda77f17ee3b6ad2021-12-23 11:53:42.443root 11241100x80000000000000007214109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba096e0e06876dd2021-12-23 11:53:42.444root 11241100x80000000000000007214110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1450e1f77c9733092021-12-23 11:53:42.444root 11241100x80000000000000007214111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4ce6186b8c2f6a2021-12-23 11:53:42.444root 11241100x80000000000000007214112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69a25414973c3462021-12-23 11:53:42.444root 11241100x80000000000000007214113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bde24e55d00f6ff2021-12-23 11:53:42.444root 11241100x80000000000000007214114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf21f3e4b98697d32021-12-23 11:53:42.444root 11241100x80000000000000007214115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e2df5eb907802b2021-12-23 11:53:42.444root 11241100x80000000000000007214116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad46e8668a3452512021-12-23 11:53:42.444root 11241100x80000000000000007214117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aece53b20b8e71262021-12-23 11:53:42.444root 11241100x80000000000000007214118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d162bd0d9a69c27c2021-12-23 11:53:42.444root 11241100x80000000000000007214119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097d3a0d5df2bc1f2021-12-23 11:53:42.444root 11241100x80000000000000007214120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1e839cbeaec6d92021-12-23 11:53:42.444root 11241100x80000000000000007214121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0309fc7a9476dfb2021-12-23 11:53:42.444root 11241100x80000000000000007214122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21faa14ad817ce22021-12-23 11:53:42.445root 11241100x80000000000000007214123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51222c67d7dd61062021-12-23 11:53:42.445root 11241100x80000000000000007214124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b56f36337567182021-12-23 11:53:42.943root 11241100x80000000000000007214125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab3f789aa8d1d7f2021-12-23 11:53:42.943root 11241100x80000000000000007214126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e291f42ee17579a92021-12-23 11:53:42.943root 11241100x80000000000000007214127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2dadad0a3cac2fd2021-12-23 11:53:42.943root 11241100x80000000000000007214128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31a8b53c0b35ea52021-12-23 11:53:42.943root 11241100x80000000000000007214129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2be8b5e1523f882021-12-23 11:53:42.943root 11241100x80000000000000007214130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c3e74f2e92cc472021-12-23 11:53:42.944root 11241100x80000000000000007214131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a215894540034b1f2021-12-23 11:53:42.944root 11241100x80000000000000007214132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c07bdc5a59fac22021-12-23 11:53:42.944root 11241100x80000000000000007214133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cce1bc2a0e40e82021-12-23 11:53:42.944root 11241100x80000000000000007214134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83949d88501b49472021-12-23 11:53:42.944root 11241100x80000000000000007214135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7b0e7a2dea12082021-12-23 11:53:42.944root 11241100x80000000000000007214136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b533d7ab36db18f72021-12-23 11:53:42.944root 11241100x80000000000000007214137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a715fcaf5232652021-12-23 11:53:42.944root 11241100x80000000000000007214138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a08da4e11068872021-12-23 11:53:42.944root 11241100x80000000000000007214139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b770d4ab83cce42021-12-23 11:53:42.944root 11241100x80000000000000007214140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329712712124115d2021-12-23 11:53:42.944root 11241100x80000000000000007214141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005999f73883e6652021-12-23 11:53:42.944root 11241100x80000000000000007214142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4b9fb6bc9c3ac12021-12-23 11:53:42.944root 11241100x80000000000000007214143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e475bc1e673f392021-12-23 11:53:43.443root 11241100x80000000000000007214144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01757f21bb7cdd0d2021-12-23 11:53:43.443root 11241100x80000000000000007214145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016d7e3aa791973c2021-12-23 11:53:43.443root 11241100x80000000000000007214146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb04ca5f47018392021-12-23 11:53:43.443root 11241100x80000000000000007214147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a16796ade4d9f92021-12-23 11:53:43.443root 11241100x80000000000000007214148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279c73261fa068672021-12-23 11:53:43.443root 11241100x80000000000000007214149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa2524b38f1c94f2021-12-23 11:53:43.443root 11241100x80000000000000007214150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940914261bff94002021-12-23 11:53:43.443root 11241100x80000000000000007214151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d298203564f83c2021-12-23 11:53:43.443root 11241100x80000000000000007214152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5e7adcb0fd78d92021-12-23 11:53:43.443root 11241100x80000000000000007214153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d765852f35a37d542021-12-23 11:53:43.444root 11241100x80000000000000007214154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252586ec343095792021-12-23 11:53:43.444root 11241100x80000000000000007214155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524a593689b4f9662021-12-23 11:53:43.444root 11241100x80000000000000007214156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ddef59b5b341af2021-12-23 11:53:43.444root 11241100x80000000000000007214157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e626890041b6fb2021-12-23 11:53:43.444root 11241100x80000000000000007214158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f1707faf9838c82021-12-23 11:53:43.444root 11241100x80000000000000007214159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff560c5f4862f8f02021-12-23 11:53:43.444root 11241100x80000000000000007214160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8ea4301e8302df2021-12-23 11:53:43.444root 11241100x80000000000000007214161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e03281e730585e2021-12-23 11:53:43.444root 11241100x80000000000000007214162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bc0719018352932021-12-23 11:53:43.444root 11241100x80000000000000007214163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68d2c9d4b3d9a812021-12-23 11:53:43.444root 11241100x80000000000000007214164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f256f0d8c91bd5c2021-12-23 11:53:43.445root 11241100x80000000000000007214165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e32a72fdf0102bb2021-12-23 11:53:43.445root 11241100x80000000000000007214166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb89f550a025f5342021-12-23 11:53:43.445root 11241100x80000000000000007214167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54349075eb43a1022021-12-23 11:53:43.445root 11241100x80000000000000007214168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b69ec027ae8a1d82021-12-23 11:53:43.445root 11241100x80000000000000007214169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e12b4cfa2f8499b2021-12-23 11:53:43.445root 11241100x80000000000000007214170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f06fc51425a29c2021-12-23 11:53:43.445root 11241100x80000000000000007214171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a81af7e6d362c5a2021-12-23 11:53:43.445root 11241100x80000000000000007214172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36ae03517fb583d2021-12-23 11:53:43.446root 11241100x80000000000000007214173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5b4a7d2c1b747e2021-12-23 11:53:43.446root 11241100x80000000000000007214174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf1261c2a6dbb142021-12-23 11:53:43.446root 11241100x80000000000000007214175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25c8fd317d6d7d22021-12-23 11:53:43.446root 11241100x80000000000000007214176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dc513add48e8272021-12-23 11:53:43.446root 11241100x80000000000000007214177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cc351549a383052021-12-23 11:53:43.447root 11241100x80000000000000007214178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563a31f2931b61092021-12-23 11:53:43.447root 11241100x80000000000000007214179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a961f63d8130f4e2021-12-23 11:53:43.447root 11241100x80000000000000007214180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab68ed3025584b512021-12-23 11:53:43.447root 11241100x80000000000000007214181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dfce4db1097e0b2021-12-23 11:53:43.447root 11241100x80000000000000007214182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ebeb5617e0ecf72021-12-23 11:53:43.447root 11241100x80000000000000007214183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9776d50c9dd0a63f2021-12-23 11:53:43.943root 11241100x80000000000000007214184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8781012e70564abd2021-12-23 11:53:43.943root 11241100x80000000000000007214185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5223c22b80bf892021-12-23 11:53:43.943root 11241100x80000000000000007214186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7318faf2337ef5a52021-12-23 11:53:43.943root 11241100x80000000000000007214187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecda32e688676ea2021-12-23 11:53:43.943root 11241100x80000000000000007214188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72473484b16ce8e12021-12-23 11:53:43.943root 11241100x80000000000000007214189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e964b97fc4ea6c092021-12-23 11:53:43.944root 11241100x80000000000000007214190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b5033c09a53cd42021-12-23 11:53:43.944root 11241100x80000000000000007214191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca7b58f89ab79ac2021-12-23 11:53:43.944root 11241100x80000000000000007214192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfcc9b2b110ea1b2021-12-23 11:53:43.944root 11241100x80000000000000007214193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1634ac2a62222402021-12-23 11:53:43.944root 11241100x80000000000000007214194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83598d0a0ec9c8632021-12-23 11:53:43.944root 11241100x80000000000000007214195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fa38fee2c651a62021-12-23 11:53:43.944root 11241100x80000000000000007214196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7b4d771846467f2021-12-23 11:53:43.944root 11241100x80000000000000007214197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfda319a1555a3a72021-12-23 11:53:43.945root 11241100x80000000000000007214198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9456ee2a1ab9807e2021-12-23 11:53:43.945root 11241100x80000000000000007214199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e27ceef1997f702021-12-23 11:53:43.945root 11241100x80000000000000007214200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9fde224cfd25302021-12-23 11:53:43.945root 11241100x80000000000000007214201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ae9affa426fa602021-12-23 11:53:43.945root 11241100x80000000000000007214202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2728594408632fc22021-12-23 11:53:43.945root 11241100x80000000000000007214203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16966c33656224cc2021-12-23 11:53:43.945root 11241100x80000000000000007214204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aff6880ee5d16232021-12-23 11:53:43.945root 11241100x80000000000000007214205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5920980f653d1dbb2021-12-23 11:53:44.443root 11241100x80000000000000007214206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979c32713e9100c52021-12-23 11:53:44.443root 11241100x80000000000000007214207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff1440cdd8da01b2021-12-23 11:53:44.443root 11241100x80000000000000007214208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfe1de5c42cb8c12021-12-23 11:53:44.444root 11241100x80000000000000007214209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fba581793138152021-12-23 11:53:44.444root 11241100x80000000000000007214210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103ca70addfd976f2021-12-23 11:53:44.444root 11241100x80000000000000007214211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4252119e3e5eda2021-12-23 11:53:44.444root 11241100x80000000000000007214212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4f9e39e75dfd922021-12-23 11:53:44.444root 11241100x80000000000000007214213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627c0b3294fc446e2021-12-23 11:53:44.444root 11241100x80000000000000007214214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b69eb5f78e59ad72021-12-23 11:53:44.444root 11241100x80000000000000007214215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c4a2d8e1e124032021-12-23 11:53:44.444root 11241100x80000000000000007214216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32aaf2fa09f06aa62021-12-23 11:53:44.444root 11241100x80000000000000007214217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af937435e607a7d12021-12-23 11:53:44.445root 11241100x80000000000000007214218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328d9c6e7a73f5812021-12-23 11:53:44.445root 11241100x80000000000000007214219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266954a3fb020d192021-12-23 11:53:44.445root 11241100x80000000000000007214220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d832f21150a2bce32021-12-23 11:53:44.445root 11241100x80000000000000007214221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab15c866902a9dc2021-12-23 11:53:44.445root 11241100x80000000000000007214222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a691bccb49962fb42021-12-23 11:53:44.445root 11241100x80000000000000007214223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbd6938a67ab6842021-12-23 11:53:44.445root 11241100x80000000000000007214224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75feca4cb50f16ae2021-12-23 11:53:44.943root 11241100x80000000000000007214225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18487edbbe9dfa402021-12-23 11:53:44.943root 11241100x80000000000000007214226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa06f966aa351772021-12-23 11:53:44.943root 11241100x80000000000000007214227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36777f97541e5862021-12-23 11:53:44.944root 11241100x80000000000000007214228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a3ec69094be7b22021-12-23 11:53:44.944root 11241100x80000000000000007214229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0945579a011fdf4d2021-12-23 11:53:44.944root 11241100x80000000000000007214230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713db0a2c678f1312021-12-23 11:53:44.944root 11241100x80000000000000007214231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e3c3b85ddffb522021-12-23 11:53:44.944root 11241100x80000000000000007214232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d6478ec501202e2021-12-23 11:53:44.944root 11241100x80000000000000007214233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe8567f9b5bad6c2021-12-23 11:53:44.944root 11241100x80000000000000007214234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3936b7433aad982021-12-23 11:53:44.944root 11241100x80000000000000007214235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505b26b88f3729cd2021-12-23 11:53:44.944root 11241100x80000000000000007214236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285db958b48711cf2021-12-23 11:53:44.944root 11241100x80000000000000007214237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e7249a5038c61f2021-12-23 11:53:44.945root 11241100x80000000000000007214238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a203a429772103ae2021-12-23 11:53:44.945root 11241100x80000000000000007214239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564e9df877a552a82021-12-23 11:53:44.945root 11241100x80000000000000007214240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac179dbf96209882021-12-23 11:53:44.945root 11241100x80000000000000007214241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9610444d1bb2eed62021-12-23 11:53:44.945root 11241100x80000000000000007214242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e327842337fd0d2021-12-23 11:53:44.945root 354300x80000000000000007214243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.026{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33812-false10.0.1.12-8000- 11241100x80000000000000007214244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd101ed420451de2021-12-23 11:53:45.443root 11241100x80000000000000007214245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec431c01630142a42021-12-23 11:53:45.443root 11241100x80000000000000007214246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7527828ac1e135562021-12-23 11:53:45.443root 11241100x80000000000000007214247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37997f44f72fc6ad2021-12-23 11:53:45.443root 11241100x80000000000000007214248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092132b295f4b7bb2021-12-23 11:53:45.443root 11241100x80000000000000007214249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb39dc759047ddf2021-12-23 11:53:45.444root 11241100x80000000000000007214250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6bc90046599b4b2021-12-23 11:53:45.444root 11241100x80000000000000007214251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8ee3c2ab1b28072021-12-23 11:53:45.444root 11241100x80000000000000007214252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693d19315b0523b22021-12-23 11:53:45.444root 11241100x80000000000000007214253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741218e92c3f18152021-12-23 11:53:45.444root 11241100x80000000000000007214254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af51c15d5047eac32021-12-23 11:53:45.444root 11241100x80000000000000007214255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a710d161f303fa2021-12-23 11:53:45.444root 11241100x80000000000000007214256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e9b1586134a6672021-12-23 11:53:45.444root 11241100x80000000000000007214257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1823133d0757d6142021-12-23 11:53:45.445root 11241100x80000000000000007214258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327d21378ed668d02021-12-23 11:53:45.445root 11241100x80000000000000007214259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc26503536170972021-12-23 11:53:45.445root 11241100x80000000000000007214260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2800980f67fcef2021-12-23 11:53:45.445root 11241100x80000000000000007214261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655871ae7404c9732021-12-23 11:53:45.445root 11241100x80000000000000007214262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565a4b641aaa2c032021-12-23 11:53:45.445root 11241100x80000000000000007214263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73c4ef4976ca2592021-12-23 11:53:45.445root 11241100x80000000000000007214264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ab5de1c49cf2972021-12-23 11:53:45.943root 11241100x80000000000000007214265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707cfb23bcf405a02021-12-23 11:53:45.943root 11241100x80000000000000007214266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd10509587ee8182021-12-23 11:53:45.943root 11241100x80000000000000007214267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c9445a839b92f92021-12-23 11:53:45.943root 11241100x80000000000000007214268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1900cea27695df3a2021-12-23 11:53:45.944root 11241100x80000000000000007214269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8fc0fa96d1567f2021-12-23 11:53:45.944root 11241100x80000000000000007214270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336be239e971a4262021-12-23 11:53:45.944root 11241100x80000000000000007214271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477ae2b68bb69c1c2021-12-23 11:53:45.944root 11241100x80000000000000007214272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5933ef278fafa3692021-12-23 11:53:45.945root 11241100x80000000000000007214273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1f702a878a58512021-12-23 11:53:45.945root 11241100x80000000000000007214274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826455365f7308c72021-12-23 11:53:45.945root 11241100x80000000000000007214275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669996218bf6caf62021-12-23 11:53:45.945root 11241100x80000000000000007214276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0588c51415813c982021-12-23 11:53:45.945root 11241100x80000000000000007214277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff43833097f19832021-12-23 11:53:45.945root 11241100x80000000000000007214278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb912b94ff4e00b2021-12-23 11:53:45.946root 11241100x80000000000000007214279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c940c959fb72062021-12-23 11:53:45.946root 11241100x80000000000000007214280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160acc9cb10418782021-12-23 11:53:45.946root 11241100x80000000000000007214281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b46d5bdab69693c2021-12-23 11:53:45.946root 11241100x80000000000000007214282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d923f6c2690d1e12021-12-23 11:53:45.946root 11241100x80000000000000007214283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e889ec93846fff42021-12-23 11:53:45.947root 11241100x80000000000000007214284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf18787b0d009992021-12-23 11:53:46.442root 11241100x80000000000000007214285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91e8762b69515b52021-12-23 11:53:46.443root 11241100x80000000000000007214286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3417317401946a2021-12-23 11:53:46.443root 11241100x80000000000000007214287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d88c0220891ad72021-12-23 11:53:46.443root 11241100x80000000000000007214288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28f72d0a49aa2172021-12-23 11:53:46.443root 11241100x80000000000000007214289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549a36786b25570f2021-12-23 11:53:46.443root 11241100x80000000000000007214290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d31988aeebc4caf2021-12-23 11:53:46.444root 11241100x80000000000000007214291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acf814fdbdd79842021-12-23 11:53:46.444root 11241100x80000000000000007214292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9162bba9ea00e6f32021-12-23 11:53:46.444root 11241100x80000000000000007214293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc4b569945817062021-12-23 11:53:46.444root 11241100x80000000000000007214294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41aa7997b6970bb82021-12-23 11:53:46.444root 11241100x80000000000000007214295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f77e99ccadf92572021-12-23 11:53:46.444root 11241100x80000000000000007214296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9c0bf000f744ab2021-12-23 11:53:46.444root 11241100x80000000000000007214297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851928d7a01329122021-12-23 11:53:46.444root 11241100x80000000000000007214298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb205c5502b08662021-12-23 11:53:46.444root 11241100x80000000000000007214299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbdd2a9aae574e62021-12-23 11:53:46.444root 11241100x80000000000000007214300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbddb38065142982021-12-23 11:53:46.445root 11241100x80000000000000007214301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed6fa4cd9b19be22021-12-23 11:53:46.445root 11241100x80000000000000007214302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acc22dab82960a22021-12-23 11:53:46.445root 11241100x80000000000000007214303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a24a430a84e6222021-12-23 11:53:46.445root 11241100x80000000000000007214304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a1a0a2f49527332021-12-23 11:53:46.445root 11241100x80000000000000007214305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7bcb66ebb1a14e2021-12-23 11:53:46.943root 11241100x80000000000000007214306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91988dbdf3c87d32021-12-23 11:53:46.943root 11241100x80000000000000007214307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d5e1324a5ed1dd2021-12-23 11:53:46.944root 11241100x80000000000000007214308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcacdc6cc2ec5db92021-12-23 11:53:46.944root 11241100x80000000000000007214309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270f133e154597f52021-12-23 11:53:46.944root 11241100x80000000000000007214310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc7e15e220d31852021-12-23 11:53:46.944root 11241100x80000000000000007214311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccfbbaa2163445b2021-12-23 11:53:46.944root 11241100x80000000000000007214312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963f615e630f65dc2021-12-23 11:53:46.944root 11241100x80000000000000007214313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e451793eb1aa3ee92021-12-23 11:53:46.944root 11241100x80000000000000007214314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3af3c409d6d8322021-12-23 11:53:46.944root 11241100x80000000000000007214315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42a27ec69783c402021-12-23 11:53:46.944root 11241100x80000000000000007214316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecf00989f9ae0122021-12-23 11:53:46.944root 11241100x80000000000000007214317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9fc628cb76494c2021-12-23 11:53:46.944root 11241100x80000000000000007214318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1d972c36c8a7792021-12-23 11:53:46.944root 11241100x80000000000000007214319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8ebef66756a28e2021-12-23 11:53:46.944root 11241100x80000000000000007214320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e8ce1a54d57fc62021-12-23 11:53:46.944root 11241100x80000000000000007214321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5a3395dd8fff2c2021-12-23 11:53:46.944root 11241100x80000000000000007214322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2224a26af15ea652021-12-23 11:53:46.944root 11241100x80000000000000007214323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245d9bd34a28d85e2021-12-23 11:53:46.945root 11241100x80000000000000007214324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00740192c619657d2021-12-23 11:53:46.945root 11241100x80000000000000007214325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa163252540a3fb22021-12-23 11:53:47.443root 11241100x80000000000000007214326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a27a14b98981de2021-12-23 11:53:47.443root 11241100x80000000000000007214327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4d7fcd249c620a2021-12-23 11:53:47.443root 11241100x80000000000000007214328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b51cbc3d74a2e822021-12-23 11:53:47.444root 11241100x80000000000000007214329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b63cce643dac5a2021-12-23 11:53:47.444root 11241100x80000000000000007214330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb4d143100531b02021-12-23 11:53:47.444root 11241100x80000000000000007214331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1625f316216c282021-12-23 11:53:47.444root 11241100x80000000000000007214332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63d96328cba77a62021-12-23 11:53:47.445root 11241100x80000000000000007214333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eab36796957bfa92021-12-23 11:53:47.445root 11241100x80000000000000007214334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a641e6b61cbfe33e2021-12-23 11:53:47.445root 11241100x80000000000000007214335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c81be463aa4b8212021-12-23 11:53:47.445root 11241100x80000000000000007214336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e611a480e40167f22021-12-23 11:53:47.445root 11241100x80000000000000007214337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3019a2ef9bab262021-12-23 11:53:47.446root 11241100x80000000000000007214338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40dae81759160eb32021-12-23 11:53:47.446root 11241100x80000000000000007214339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e46a840c39196fa2021-12-23 11:53:47.446root 11241100x80000000000000007214340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9d0d173a8f5e752021-12-23 11:53:47.446root 11241100x80000000000000007214341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e430ce2e6502709e2021-12-23 11:53:47.446root 11241100x80000000000000007214342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4df146e800dc4412021-12-23 11:53:47.446root 11241100x80000000000000007214343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcb27cc5480d37f2021-12-23 11:53:47.446root 11241100x80000000000000007214344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e198f7894d2b502021-12-23 11:53:47.447root 11241100x80000000000000007214345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6a83040e1f3d7c2021-12-23 11:53:47.943root 11241100x80000000000000007214346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609af47280ef5e542021-12-23 11:53:47.943root 11241100x80000000000000007214347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce3d1103a2140e12021-12-23 11:53:47.944root 11241100x80000000000000007214348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cebd33bb7b67c82021-12-23 11:53:47.944root 11241100x80000000000000007214349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade9732673a8360b2021-12-23 11:53:47.944root 11241100x80000000000000007214350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a83e75b7c873cb2021-12-23 11:53:47.944root 11241100x80000000000000007214351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbbddfffcc0177b2021-12-23 11:53:47.945root 11241100x80000000000000007214352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778552723a02f8a12021-12-23 11:53:47.945root 11241100x80000000000000007214353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48229c7b7b2ca482021-12-23 11:53:47.946root 11241100x80000000000000007214354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3ee9ebd89d77572021-12-23 11:53:47.946root 11241100x80000000000000007214355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a79c30082cbbf62021-12-23 11:53:47.946root 11241100x80000000000000007214356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27299dd7c91e2a812021-12-23 11:53:47.946root 11241100x80000000000000007214357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da1510957e923c62021-12-23 11:53:47.947root 11241100x80000000000000007214358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ed336dd42d70252021-12-23 11:53:47.947root 11241100x80000000000000007214359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4bd46db950cc6b2021-12-23 11:53:47.947root 11241100x80000000000000007214360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe94970088072ab2021-12-23 11:53:47.947root 11241100x80000000000000007214361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcd7ed84c3c9c762021-12-23 11:53:47.947root 11241100x80000000000000007214362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74326044acb4ca112021-12-23 11:53:47.947root 11241100x80000000000000007214363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c59e111ad5ead432021-12-23 11:53:47.948root 11241100x80000000000000007214364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0063503b6a96ee2021-12-23 11:53:47.948root 11241100x80000000000000007214365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a1b848d4af8cc12021-12-23 11:53:48.443root 11241100x80000000000000007214366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fe6249d9fcd5a22021-12-23 11:53:48.443root 11241100x80000000000000007214367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa61f2ed246f35b2021-12-23 11:53:48.443root 11241100x80000000000000007214368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745198468c37aba02021-12-23 11:53:48.443root 11241100x80000000000000007214369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05789d4e76928b682021-12-23 11:53:48.443root 11241100x80000000000000007214370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edda7bfe356e6fb2021-12-23 11:53:48.443root 11241100x80000000000000007214371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a6ee40388030342021-12-23 11:53:48.443root 11241100x80000000000000007214372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be6f9a8a40c83232021-12-23 11:53:48.443root 11241100x80000000000000007214373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054efd45d522bd7e2021-12-23 11:53:48.443root 11241100x80000000000000007214374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf1f6d961994f4a2021-12-23 11:53:48.444root 11241100x80000000000000007214375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d310f24184c4562021-12-23 11:53:48.444root 11241100x80000000000000007214376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ee7b60958284092021-12-23 11:53:48.444root 11241100x80000000000000007214377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c16eb967b479482021-12-23 11:53:48.444root 11241100x80000000000000007214378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17006a049211f0c32021-12-23 11:53:48.444root 11241100x80000000000000007214379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740c82490b106b552021-12-23 11:53:48.444root 11241100x80000000000000007214380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c47e6c43d48d67c2021-12-23 11:53:48.444root 11241100x80000000000000007214381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af90997ad2ae22f72021-12-23 11:53:48.444root 11241100x80000000000000007214382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdba8e6b531f02312021-12-23 11:53:48.445root 11241100x80000000000000007214383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6f2e4dee5cda032021-12-23 11:53:48.445root 11241100x80000000000000007214384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5d2cafd4ab2eae2021-12-23 11:53:48.445root 11241100x80000000000000007214385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280673054dd8ca752021-12-23 11:53:48.943root 11241100x80000000000000007214386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63688bc39d87abcf2021-12-23 11:53:48.943root 11241100x80000000000000007214387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e54dc72714a8fa2021-12-23 11:53:48.943root 11241100x80000000000000007214388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d712267b85d900502021-12-23 11:53:48.943root 11241100x80000000000000007214389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccafe0520535dce2021-12-23 11:53:48.944root 11241100x80000000000000007214390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c076a4e9265380712021-12-23 11:53:48.944root 11241100x80000000000000007214391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7b89d3ab8efcc02021-12-23 11:53:48.944root 11241100x80000000000000007214392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfc778b87089f772021-12-23 11:53:48.944root 11241100x80000000000000007214393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c9f05ddeebaf462021-12-23 11:53:48.944root 11241100x80000000000000007214394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58c346c636b75cb2021-12-23 11:53:48.944root 11241100x80000000000000007214395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a170e57405ab972f2021-12-23 11:53:48.944root 11241100x80000000000000007214396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd827622996094892021-12-23 11:53:48.944root 11241100x80000000000000007214397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c199ff783f898b072021-12-23 11:53:48.944root 11241100x80000000000000007214398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f8dc57de864f452021-12-23 11:53:48.944root 11241100x80000000000000007214399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf4018c9327d65e2021-12-23 11:53:48.944root 11241100x80000000000000007214400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85de051f0c2ed4d2021-12-23 11:53:48.944root 11241100x80000000000000007214401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a1c0a7d7ac2bc22021-12-23 11:53:48.944root 11241100x80000000000000007214402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032419537f4fefa52021-12-23 11:53:48.944root 11241100x80000000000000007214403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f527c91803c24fd2021-12-23 11:53:48.944root 11241100x80000000000000007214404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63a854ef987ceaf2021-12-23 11:53:48.944root 11241100x80000000000000007214405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69ff1ef81609fac2021-12-23 11:53:49.443root 11241100x80000000000000007214406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd1ebc17115c2232021-12-23 11:53:49.443root 11241100x80000000000000007214407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76a42702f8584702021-12-23 11:53:49.443root 11241100x80000000000000007214408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e1e0ef717a63e32021-12-23 11:53:49.443root 11241100x80000000000000007214409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa9d4923e59b5a42021-12-23 11:53:49.443root 11241100x80000000000000007214410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18da29c3fe80e6a2021-12-23 11:53:49.443root 11241100x80000000000000007214411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b4697a7eeace272021-12-23 11:53:49.443root 11241100x80000000000000007214412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ae8542e22ed70d2021-12-23 11:53:49.443root 11241100x80000000000000007214413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdbd04e30a1ee812021-12-23 11:53:49.444root 11241100x80000000000000007214414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a160ee704e0af72021-12-23 11:53:49.444root 11241100x80000000000000007214415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72e8ae0b96c5e082021-12-23 11:53:49.444root 11241100x80000000000000007214416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d62393ee55593622021-12-23 11:53:49.444root 11241100x80000000000000007214417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c96e5c72d2e2752021-12-23 11:53:49.444root 11241100x80000000000000007214418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932c545502f8f1aa2021-12-23 11:53:49.444root 11241100x80000000000000007214419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca541c557dab4de2021-12-23 11:53:49.444root 11241100x80000000000000007214420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc15889441c739c82021-12-23 11:53:49.444root 11241100x80000000000000007214421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14c4cd55cc1eba12021-12-23 11:53:49.444root 11241100x80000000000000007214422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31fb063a4caa18c2021-12-23 11:53:49.444root 11241100x80000000000000007214423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7acad6707de2a72021-12-23 11:53:49.444root 11241100x80000000000000007214424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cffde340461747d2021-12-23 11:53:49.444root 11241100x80000000000000007214425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d05829a14c87252021-12-23 11:53:49.943root 11241100x80000000000000007214426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27b82ced694f93e2021-12-23 11:53:49.943root 11241100x80000000000000007214427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4a156bc33221a32021-12-23 11:53:49.943root 11241100x80000000000000007214428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee88aa7ea9ad4c062021-12-23 11:53:49.943root 11241100x80000000000000007214429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a790acb3f2221ad2021-12-23 11:53:49.943root 11241100x80000000000000007214430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796fd08a908f7dc02021-12-23 11:53:49.943root 11241100x80000000000000007214431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad149a4ae0b1a7502021-12-23 11:53:49.943root 11241100x80000000000000007214432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2f1534f4d41f042021-12-23 11:53:49.943root 11241100x80000000000000007214433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a46c148c6f828d2021-12-23 11:53:49.943root 11241100x80000000000000007214434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6b148e9a21d4cd2021-12-23 11:53:49.944root 11241100x80000000000000007214435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8676ee4745f88d102021-12-23 11:53:49.944root 11241100x80000000000000007214436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c923d928b8c698ff2021-12-23 11:53:49.944root 11241100x80000000000000007214437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6d7672789dd6ae2021-12-23 11:53:49.944root 11241100x80000000000000007214438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d1bd3f2cb0c5192021-12-23 11:53:49.944root 11241100x80000000000000007214439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf81c9c8b833e962021-12-23 11:53:49.944root 11241100x80000000000000007214440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b500546d9b72720d2021-12-23 11:53:49.944root 11241100x80000000000000007214441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e28b1e158cd88d52021-12-23 11:53:49.944root 11241100x80000000000000007214442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88779ae04b0247bb2021-12-23 11:53:49.944root 11241100x80000000000000007214443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05fdd386dae148d2021-12-23 11:53:49.944root 11241100x80000000000000007214444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80bcca8cb2307522021-12-23 11:53:49.944root 11241100x80000000000000007214445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e44d15c39366072021-12-23 11:53:49.944root 354300x80000000000000007214446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.028{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33814-false10.0.1.12-8000- 11241100x80000000000000007214447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7a94b7543b01c32021-12-23 11:53:50.443root 11241100x80000000000000007214448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542675eaa32bb8882021-12-23 11:53:50.443root 11241100x80000000000000007214449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbde401d642550122021-12-23 11:53:50.443root 11241100x80000000000000007214450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ab1fe5b95565912021-12-23 11:53:50.443root 11241100x80000000000000007214451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e623483a1432172021-12-23 11:53:50.443root 11241100x80000000000000007214452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c9b1f4dfb56a9e2021-12-23 11:53:50.443root 11241100x80000000000000007214453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2a47ae67eb816a2021-12-23 11:53:50.443root 11241100x80000000000000007214454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9f47a692c0cc0e2021-12-23 11:53:50.443root 11241100x80000000000000007214455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e31886244b8a372021-12-23 11:53:50.443root 11241100x80000000000000007214456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689ed4486280365f2021-12-23 11:53:50.444root 11241100x80000000000000007214457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d83a6eea00474e72021-12-23 11:53:50.444root 11241100x80000000000000007214458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a88022c3105b6932021-12-23 11:53:50.444root 11241100x80000000000000007214459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f11a8b1ae9e1d62021-12-23 11:53:50.444root 11241100x80000000000000007214460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03c644096a79bc12021-12-23 11:53:50.444root 11241100x80000000000000007214461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b22574f96f58d2b2021-12-23 11:53:50.445root 11241100x80000000000000007214462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abcdbde6b5e77c22021-12-23 11:53:50.445root 11241100x80000000000000007214463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ed73a185db34b62021-12-23 11:53:50.445root 11241100x80000000000000007214464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1f9a7afbe64acb2021-12-23 11:53:50.445root 11241100x80000000000000007214465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23eff1e3e45cfe862021-12-23 11:53:50.445root 11241100x80000000000000007214466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d9e1d9c0162f9a2021-12-23 11:53:50.445root 11241100x80000000000000007214467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aff0982ecc0d2602021-12-23 11:53:50.446root 11241100x80000000000000007214468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a451e19d06c1232021-12-23 11:53:50.943root 11241100x80000000000000007214469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d330eefff326a0f2021-12-23 11:53:50.943root 11241100x80000000000000007214470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641ffdf9a3fa51d82021-12-23 11:53:50.943root 11241100x80000000000000007214471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefe6859a92fd4372021-12-23 11:53:50.943root 11241100x80000000000000007214472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d2a5ee4dce030e2021-12-23 11:53:50.944root 11241100x80000000000000007214473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4b0d4959697d872021-12-23 11:53:50.944root 11241100x80000000000000007214474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113745a3a866263f2021-12-23 11:53:50.944root 11241100x80000000000000007214475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90673d99740dd2e22021-12-23 11:53:50.944root 11241100x80000000000000007214476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa79296e819b1f82021-12-23 11:53:50.944root 11241100x80000000000000007214477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e791a641c1f41d0b2021-12-23 11:53:50.945root 11241100x80000000000000007214478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c9016618167fa12021-12-23 11:53:50.945root 11241100x80000000000000007214479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81386c12bfd9035f2021-12-23 11:53:50.945root 11241100x80000000000000007214480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4677e44d3d81739f2021-12-23 11:53:50.945root 11241100x80000000000000007214481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539eb8ba929c16a22021-12-23 11:53:50.945root 11241100x80000000000000007214482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc62b83d5e47887b2021-12-23 11:53:50.945root 11241100x80000000000000007214483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822c8fd49e4240552021-12-23 11:53:50.945root 11241100x80000000000000007214484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa94fbad94f542772021-12-23 11:53:50.945root 11241100x80000000000000007214485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d5131c4407af2c2021-12-23 11:53:50.946root 11241100x80000000000000007214486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d77ffd52275bb9e2021-12-23 11:53:50.946root 11241100x80000000000000007214487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd00675d8fcedeb72021-12-23 11:53:50.946root 11241100x80000000000000007214488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5f53b3b4c95a762021-12-23 11:53:50.947root 11241100x80000000000000007214489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78d5d69a47411622021-12-23 11:53:50.947root 11241100x80000000000000007214490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3260bcd7e34a30692021-12-23 11:53:51.443root 11241100x80000000000000007214491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84792a1303c4fbe2021-12-23 11:53:51.443root 11241100x80000000000000007214492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d9f792d1a66dc72021-12-23 11:53:51.443root 11241100x80000000000000007214493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01983b958bc672b2021-12-23 11:53:51.443root 11241100x80000000000000007214494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b39c697482965392021-12-23 11:53:51.443root 11241100x80000000000000007214495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d1f9c682ff928d2021-12-23 11:53:51.443root 11241100x80000000000000007214496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad2dcae08288a272021-12-23 11:53:51.443root 11241100x80000000000000007214497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9823932880fd972021-12-23 11:53:51.443root 11241100x80000000000000007214498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a45052e50b02092021-12-23 11:53:51.443root 11241100x80000000000000007214499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107de0cfb1a150ed2021-12-23 11:53:51.444root 11241100x80000000000000007214500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c399dcc8df952a2021-12-23 11:53:51.445root 11241100x80000000000000007214501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564d9e04335518c42021-12-23 11:53:51.445root 11241100x80000000000000007214502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e6ad3aeb3f85932021-12-23 11:53:51.446root 11241100x80000000000000007214503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f39c432a0fce8542021-12-23 11:53:51.446root 11241100x80000000000000007214504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7072280b1c6990ea2021-12-23 11:53:51.447root 11241100x80000000000000007214505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a82311939bbb9502021-12-23 11:53:51.448root 11241100x80000000000000007214506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddc79a008b22a0e2021-12-23 11:53:51.448root 11241100x80000000000000007214507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d936a2b7e82df82021-12-23 11:53:51.449root 11241100x80000000000000007214508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91aad160e6ac76b2021-12-23 11:53:51.449root 11241100x80000000000000007214509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc2d616fe2804632021-12-23 11:53:51.451root 11241100x80000000000000007214510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb67a91624c976432021-12-23 11:53:51.451root 11241100x80000000000000007214511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dec3de10d58fcdf2021-12-23 11:53:51.452root 11241100x80000000000000007214512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4af2018201c32692021-12-23 11:53:51.943root 11241100x80000000000000007214513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22395e8120b95c762021-12-23 11:53:51.943root 11241100x80000000000000007214514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac3f4cff3df97b42021-12-23 11:53:51.943root 11241100x80000000000000007214515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d754a1ac58dae38b2021-12-23 11:53:51.943root 11241100x80000000000000007214516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918224b7e61523702021-12-23 11:53:51.943root 11241100x80000000000000007214517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5e610151ab179f2021-12-23 11:53:51.944root 11241100x80000000000000007214518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b63760b97bdc6b2021-12-23 11:53:51.944root 11241100x80000000000000007214519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248e107fac57a9192021-12-23 11:53:51.944root 11241100x80000000000000007214520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11ab425d5334a592021-12-23 11:53:51.944root 11241100x80000000000000007214521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae7185e33cd10562021-12-23 11:53:51.944root 11241100x80000000000000007214522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e72d9d89d08394c2021-12-23 11:53:51.944root 11241100x80000000000000007214523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478e4d52105602fa2021-12-23 11:53:51.944root 11241100x80000000000000007214524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc9e86670777d3b2021-12-23 11:53:51.944root 11241100x80000000000000007214525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6285d72c9cb5c9d2021-12-23 11:53:51.944root 11241100x80000000000000007214526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f779ed78c1ac7fde2021-12-23 11:53:51.944root 11241100x80000000000000007214527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7316f50d9e1af6192021-12-23 11:53:51.944root 11241100x80000000000000007214528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bd7d51a8fdfa412021-12-23 11:53:51.945root 11241100x80000000000000007214529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26feade03ea66b662021-12-23 11:53:51.945root 11241100x80000000000000007214530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747e9673c3ee72192021-12-23 11:53:51.945root 11241100x80000000000000007214531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3156a9da55d349602021-12-23 11:53:51.945root 11241100x80000000000000007214532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1750241d03639e6c2021-12-23 11:53:51.945root 11241100x80000000000000007214533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8233937ee822795a2021-12-23 11:53:52.443root 11241100x80000000000000007214534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba1ecf12dc05c032021-12-23 11:53:52.443root 11241100x80000000000000007214535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9ccdaf842f292d2021-12-23 11:53:52.443root 11241100x80000000000000007214536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d628448c31a8fb2021-12-23 11:53:52.443root 11241100x80000000000000007214537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a860deff220de62021-12-23 11:53:52.444root 11241100x80000000000000007214538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604f144e42514f912021-12-23 11:53:52.444root 11241100x80000000000000007214539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3319cac0a96624be2021-12-23 11:53:52.444root 11241100x80000000000000007214540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21628cb86fb8fbd2021-12-23 11:53:52.444root 11241100x80000000000000007214541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6e7e2c66b2e2a62021-12-23 11:53:52.444root 11241100x80000000000000007214542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4115d5f26965ef7b2021-12-23 11:53:52.444root 11241100x80000000000000007214543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aefbb83bdcfd2962021-12-23 11:53:52.445root 11241100x80000000000000007214544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d46197bd6a92702021-12-23 11:53:52.445root 11241100x80000000000000007214545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da18e9c82c792a9d2021-12-23 11:53:52.445root 11241100x80000000000000007214546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d04781d9e47e1f2021-12-23 11:53:52.445root 11241100x80000000000000007214547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2e9a73c02863962021-12-23 11:53:52.445root 11241100x80000000000000007214548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402c4367f887fdb12021-12-23 11:53:52.445root 11241100x80000000000000007214549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da566819b420e1a82021-12-23 11:53:52.445root 11241100x80000000000000007214550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110e56353722107e2021-12-23 11:53:52.446root 11241100x80000000000000007214551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7f07ed71851c792021-12-23 11:53:52.446root 11241100x80000000000000007214552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c957f6283effa02021-12-23 11:53:52.446root 11241100x80000000000000007214553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce15694135c7d812021-12-23 11:53:52.446root 11241100x80000000000000007214554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627d3bf723d6a0142021-12-23 11:53:52.446root 11241100x80000000000000007214555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e156a5dc094924332021-12-23 11:53:52.943root 11241100x80000000000000007214556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7dcd93fe7af1f7d2021-12-23 11:53:52.943root 11241100x80000000000000007214557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d23d47428066abe2021-12-23 11:53:52.943root 11241100x80000000000000007214558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735be0953f01e6c02021-12-23 11:53:52.944root 11241100x80000000000000007214559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3350770e87d1a1c32021-12-23 11:53:52.944root 11241100x80000000000000007214560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999ff72d3a2ddf852021-12-23 11:53:52.944root 11241100x80000000000000007214561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3653c7d10f75ce2021-12-23 11:53:52.945root 11241100x80000000000000007214562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76961a3186c5f02e2021-12-23 11:53:52.945root 11241100x80000000000000007214563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424f7a3243797b542021-12-23 11:53:52.945root 11241100x80000000000000007214564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd637dd92846ada22021-12-23 11:53:52.945root 11241100x80000000000000007214565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b060fe6986a4ff02021-12-23 11:53:52.945root 11241100x80000000000000007214566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cf3880af665f132021-12-23 11:53:52.945root 11241100x80000000000000007214567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed11bde7c42f1c62021-12-23 11:53:52.945root 11241100x80000000000000007214568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f6ad9145a211292021-12-23 11:53:52.945root 11241100x80000000000000007214569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430e711e042431952021-12-23 11:53:52.945root 11241100x80000000000000007214570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffbd26d72ea3aa92021-12-23 11:53:52.945root 11241100x80000000000000007214571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a72567387a201b2021-12-23 11:53:52.946root 11241100x80000000000000007214572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcde48c8ba62ff672021-12-23 11:53:52.946root 11241100x80000000000000007214573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178301941857e42d2021-12-23 11:53:52.946root 11241100x80000000000000007214574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694c5449739918232021-12-23 11:53:52.946root 11241100x80000000000000007214575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022e770ea4cfdc0e2021-12-23 11:53:52.946root 11241100x80000000000000007214576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5005555a03385e352021-12-23 11:53:53.443root 11241100x80000000000000007214577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b8118251fe4f642021-12-23 11:53:53.443root 11241100x80000000000000007214578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fd94babbc2c8af2021-12-23 11:53:53.444root 11241100x80000000000000007214579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9980159275bc23ef2021-12-23 11:53:53.444root 11241100x80000000000000007214580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d980ad6a257258f12021-12-23 11:53:53.444root 11241100x80000000000000007214581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945d8ded8ab2f0b72021-12-23 11:53:53.444root 11241100x80000000000000007214582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2e2edb3ebf90a92021-12-23 11:53:53.444root 11241100x80000000000000007214583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64992455e85e4002021-12-23 11:53:53.444root 11241100x80000000000000007214584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b9a9e287ba43ba2021-12-23 11:53:53.444root 11241100x80000000000000007214585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df07616a37c2c56f2021-12-23 11:53:53.444root 11241100x80000000000000007214586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88eacc9934dbdc202021-12-23 11:53:53.444root 11241100x80000000000000007214587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738257e9e92c841b2021-12-23 11:53:53.444root 11241100x80000000000000007214588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c55b96dce992e42021-12-23 11:53:53.445root 11241100x80000000000000007214589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33231bf41768a462021-12-23 11:53:53.445root 11241100x80000000000000007214590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a2d9476a9615082021-12-23 11:53:53.445root 11241100x80000000000000007214591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f840715a6add6bf52021-12-23 11:53:53.445root 11241100x80000000000000007214592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a3b012a70ae3dd2021-12-23 11:53:53.445root 11241100x80000000000000007214593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7baaaeb1d29eb62021-12-23 11:53:53.445root 11241100x80000000000000007214594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22079721557b6f1c2021-12-23 11:53:53.445root 11241100x80000000000000007214595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95d60a946dea28c2021-12-23 11:53:53.445root 11241100x80000000000000007214596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e14a55c84bd4472021-12-23 11:53:53.445root 11241100x80000000000000007214597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbebce4df41424f62021-12-23 11:53:53.942root 11241100x80000000000000007214598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8813176c12752bc52021-12-23 11:53:53.943root 11241100x80000000000000007214599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7b9eb4a3c678832021-12-23 11:53:53.943root 11241100x80000000000000007214600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6ff7652a04de9b2021-12-23 11:53:53.943root 11241100x80000000000000007214601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c89c41424dcd2512021-12-23 11:53:53.943root 11241100x80000000000000007214602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf5862b8136f5172021-12-23 11:53:53.943root 11241100x80000000000000007214603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da8e848da3687212021-12-23 11:53:53.943root 11241100x80000000000000007214604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ff157a53da0be92021-12-23 11:53:53.943root 11241100x80000000000000007214605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa6cca441cac56c2021-12-23 11:53:53.943root 11241100x80000000000000007214606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c520c6de0a6b25542021-12-23 11:53:53.943root 11241100x80000000000000007214607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247dde1adcb84b032021-12-23 11:53:53.943root 11241100x80000000000000007214608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004fd1dcd79976af2021-12-23 11:53:53.943root 11241100x80000000000000007214609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60780a4852ea69872021-12-23 11:53:53.943root 11241100x80000000000000007214610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121242850ec1a5192021-12-23 11:53:53.944root 11241100x80000000000000007214611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1672b2fc1d24dd072021-12-23 11:53:53.944root 11241100x80000000000000007214612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae8d90d7e348da82021-12-23 11:53:53.944root 11241100x80000000000000007214613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ccda5d7cbf1c062021-12-23 11:53:53.944root 11241100x80000000000000007214614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb768994c4a35e92021-12-23 11:53:53.944root 11241100x80000000000000007214615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef175d5c36c4d3142021-12-23 11:53:53.944root 11241100x80000000000000007214616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484dc96b337d818d2021-12-23 11:53:53.944root 11241100x80000000000000007214617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1961f5f1d3e8a652021-12-23 11:53:53.944root 11241100x80000000000000007214618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fd8b25bde002b92021-12-23 11:53:53.944root 11241100x80000000000000007214619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1d8ce668eaef492021-12-23 11:53:54.443root 11241100x80000000000000007214620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12efabfc14e2c0002021-12-23 11:53:54.443root 11241100x80000000000000007214621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6e09492bbea4452021-12-23 11:53:54.443root 11241100x80000000000000007214622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bd13caeebd9fe12021-12-23 11:53:54.443root 11241100x80000000000000007214623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c7dce2eb49ea932021-12-23 11:53:54.443root 11241100x80000000000000007214624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e3c50af3a2d1132021-12-23 11:53:54.444root 11241100x80000000000000007214625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eeffa93992e7dfc2021-12-23 11:53:54.444root 11241100x80000000000000007214626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a92cac59bb21552021-12-23 11:53:54.444root 11241100x80000000000000007214627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85b28864937eb482021-12-23 11:53:54.444root 11241100x80000000000000007214628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cb4790347cf9ad2021-12-23 11:53:54.444root 11241100x80000000000000007214629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36c625fdda476b02021-12-23 11:53:54.444root 11241100x80000000000000007214630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7a9068220d12a82021-12-23 11:53:54.444root 11241100x80000000000000007214631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd5c1bbce3abdac2021-12-23 11:53:54.444root 11241100x80000000000000007214632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7490ee2923a42b82021-12-23 11:53:54.444root 11241100x80000000000000007214633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0681e8c85517067d2021-12-23 11:53:54.444root 11241100x80000000000000007214634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ce4ab473e330192021-12-23 11:53:54.444root 11241100x80000000000000007214635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262c86ba395b28182021-12-23 11:53:54.444root 11241100x80000000000000007214636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a389f2c0abc9802021-12-23 11:53:54.444root 11241100x80000000000000007214637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c30c0e019efaa7b2021-12-23 11:53:54.444root 11241100x80000000000000007214638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5e97b36fdb3dae2021-12-23 11:53:54.444root 11241100x80000000000000007214639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d558dcf27c7b072021-12-23 11:53:54.445root 11241100x80000000000000007214640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112acd8f123d69e52021-12-23 11:53:54.943root 11241100x80000000000000007214641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fed4da6df8c55032021-12-23 11:53:54.943root 11241100x80000000000000007214642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49d60ef4c215fee2021-12-23 11:53:54.943root 11241100x80000000000000007214643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc397548dc6a70c2021-12-23 11:53:54.943root 11241100x80000000000000007214644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fb71de0e2fdd862021-12-23 11:53:54.944root 11241100x80000000000000007214645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb1b2c4c2c2cb902021-12-23 11:53:54.944root 11241100x80000000000000007214646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099ccd7b65bcfdec2021-12-23 11:53:54.944root 11241100x80000000000000007214647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff975600e40b88b32021-12-23 11:53:54.944root 11241100x80000000000000007214648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7b7a8f057d50592021-12-23 11:53:54.944root 11241100x80000000000000007214649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bdce3884a92e232021-12-23 11:53:54.944root 11241100x80000000000000007214650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce7e0f755a076ab2021-12-23 11:53:54.944root 11241100x80000000000000007214651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c040134ecab03d902021-12-23 11:53:54.944root 11241100x80000000000000007214652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053a3c969eccdf682021-12-23 11:53:54.944root 11241100x80000000000000007214653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f638b97aa3e36c42021-12-23 11:53:54.944root 11241100x80000000000000007214654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18b0b792ac4b3bb2021-12-23 11:53:54.945root 11241100x80000000000000007214655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939112bc53dfc8ec2021-12-23 11:53:54.945root 11241100x80000000000000007214656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed4092670614fbe2021-12-23 11:53:54.945root 11241100x80000000000000007214657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee2be1dd29651222021-12-23 11:53:54.945root 11241100x80000000000000007214658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896d27f6673f97412021-12-23 11:53:54.945root 11241100x80000000000000007214659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3052fe077344687c2021-12-23 11:53:54.945root 11241100x80000000000000007214660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d6a577cdb928212021-12-23 11:53:54.945root 354300x80000000000000007214661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.220{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33816-false10.0.1.12-8000- 11241100x80000000000000007214662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0166e16b636742ca2021-12-23 11:53:55.221root 11241100x80000000000000007214663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe38c1f826b21e42021-12-23 11:53:55.221root 11241100x80000000000000007214664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ede722bb0352732021-12-23 11:53:55.221root 11241100x80000000000000007214665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8c8202fff9c52a2021-12-23 11:53:55.221root 11241100x80000000000000007214666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74832b4afa489d4a2021-12-23 11:53:55.221root 11241100x80000000000000007214667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ce4607aacfd12d2021-12-23 11:53:55.222root 11241100x80000000000000007214668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71897c38e6191c312021-12-23 11:53:55.222root 11241100x80000000000000007214669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1ab8d93f8eefd92021-12-23 11:53:55.222root 11241100x80000000000000007214670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd64fe7f411046cb2021-12-23 11:53:55.222root 11241100x80000000000000007214671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1741cf503ee95bc42021-12-23 11:53:55.222root 11241100x80000000000000007214672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532d93f5b10b1ca12021-12-23 11:53:55.222root 11241100x80000000000000007214673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8d61ff2ca0d0932021-12-23 11:53:55.222root 11241100x80000000000000007214674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76498645c3ca5cfe2021-12-23 11:53:55.222root 11241100x80000000000000007214675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9af6db837538732021-12-23 11:53:55.223root 11241100x80000000000000007214676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e228f3454dbfbaef2021-12-23 11:53:55.223root 11241100x80000000000000007214677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00014bc5b639ead32021-12-23 11:53:55.223root 11241100x80000000000000007214678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf592e60db6111b32021-12-23 11:53:55.223root 11241100x80000000000000007214679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0f31b251232c8b2021-12-23 11:53:55.223root 11241100x80000000000000007214680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0c5142bf2fcbc82021-12-23 11:53:55.223root 11241100x80000000000000007214681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796ad0041761c3102021-12-23 11:53:55.223root 11241100x80000000000000007214682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3389180d8982f7c2021-12-23 11:53:55.223root 11241100x80000000000000007214683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c88adb7133359da2021-12-23 11:53:55.223root 11241100x80000000000000007214684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2f367a2d99c53f2021-12-23 11:53:55.223root 11241100x80000000000000007214685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb82aea692aeb69a2021-12-23 11:53:55.224root 11241100x80000000000000007214686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83652fd9477463732021-12-23 11:53:55.693root 11241100x80000000000000007214687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cea60b98e401882021-12-23 11:53:55.693root 11241100x80000000000000007214688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8089cddcc7ed8c702021-12-23 11:53:55.693root 11241100x80000000000000007214689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f632f91bf461d1002021-12-23 11:53:55.693root 11241100x80000000000000007214690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cfe5a29ae56be62021-12-23 11:53:55.693root 11241100x80000000000000007214691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13980cb0a1a2d862021-12-23 11:53:55.693root 11241100x80000000000000007214692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eafa0b0061fccb12021-12-23 11:53:55.693root 11241100x80000000000000007214693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdf4e6365ef52242021-12-23 11:53:55.693root 11241100x80000000000000007214694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f154b03367bd6d2021-12-23 11:53:55.693root 11241100x80000000000000007214695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df91620843947212021-12-23 11:53:55.694root 11241100x80000000000000007214696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da42fbaba173c61d2021-12-23 11:53:55.694root 11241100x80000000000000007214697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5849ed1fc00f99ea2021-12-23 11:53:55.694root 11241100x80000000000000007214698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc843ef3b363c80e2021-12-23 11:53:55.694root 11241100x80000000000000007214699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2247f67fd3e97c872021-12-23 11:53:55.694root 11241100x80000000000000007214700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee3332388b0b4552021-12-23 11:53:55.694root 11241100x80000000000000007214701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571b5b9cc4c3400e2021-12-23 11:53:55.694root 11241100x80000000000000007214702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad228a1014201dab2021-12-23 11:53:55.694root 11241100x80000000000000007214703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c911324aec782d82021-12-23 11:53:55.694root 11241100x80000000000000007214704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c552614276e1ffa2021-12-23 11:53:55.694root 11241100x80000000000000007214705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9fa5a423e519a22021-12-23 11:53:55.694root 11241100x80000000000000007214706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13929ceed827ba752021-12-23 11:53:55.695root 11241100x80000000000000007214707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e3f042d4af18452021-12-23 11:53:55.695root 11241100x80000000000000007214708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c89caf5898222142021-12-23 11:53:55.695root 11241100x80000000000000007214709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2655d68a780ff02021-12-23 11:53:55.695root 11241100x80000000000000007214710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4814b08197f6f8432021-12-23 11:53:56.193root 11241100x80000000000000007214711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7c4c60a9948f622021-12-23 11:53:56.193root 11241100x80000000000000007214712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f839c7d6e14f0c9f2021-12-23 11:53:56.193root 11241100x80000000000000007214713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8309508e3ce268722021-12-23 11:53:56.193root 11241100x80000000000000007214714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53473773a6553ff32021-12-23 11:53:56.193root 11241100x80000000000000007214715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bda9bc9ea04c472021-12-23 11:53:56.193root 11241100x80000000000000007214716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c443c5f908ad6a2021-12-23 11:53:56.193root 11241100x80000000000000007214717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6413eceb2d324e62021-12-23 11:53:56.194root 11241100x80000000000000007214718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f06285673071d362021-12-23 11:53:56.194root 11241100x80000000000000007214719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef0fe0e60e0cd262021-12-23 11:53:56.194root 11241100x80000000000000007214720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63305eaf9290df792021-12-23 11:53:56.194root 11241100x80000000000000007214721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480e27c2ada9b5e92021-12-23 11:53:56.194root 11241100x80000000000000007214722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92d6578dbb731442021-12-23 11:53:56.194root 11241100x80000000000000007214723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9310512028b1a7b42021-12-23 11:53:56.194root 11241100x80000000000000007214724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b66cdf17dcd261c2021-12-23 11:53:56.194root 11241100x80000000000000007214725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed795348fa4cbe6c2021-12-23 11:53:56.194root 11241100x80000000000000007214726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d13598fc2c38f52021-12-23 11:53:56.194root 11241100x80000000000000007214727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d24f2f1a5d68b402021-12-23 11:53:56.194root 11241100x80000000000000007214728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82b41c8ff2308d22021-12-23 11:53:56.194root 11241100x80000000000000007214729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e1c0477eae4bb12021-12-23 11:53:56.195root 11241100x80000000000000007214730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39320ef634a57f52021-12-23 11:53:56.195root 11241100x80000000000000007214731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e935979e58591b2021-12-23 11:53:56.195root 11241100x80000000000000007214732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fc4f615bb8a6ef2021-12-23 11:53:56.693root 11241100x80000000000000007214733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead022f51cba3aac2021-12-23 11:53:56.693root 11241100x80000000000000007214734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7498854e184d7ba2021-12-23 11:53:56.693root 11241100x80000000000000007214735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c251159b82c982712021-12-23 11:53:56.693root 11241100x80000000000000007214736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8953de58064cbbba2021-12-23 11:53:56.693root 11241100x80000000000000007214737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4fe9963e64d0d62021-12-23 11:53:56.693root 11241100x80000000000000007214738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeeef1302a5b55552021-12-23 11:53:56.694root 11241100x80000000000000007214739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac829f7bdd75420a2021-12-23 11:53:56.694root 11241100x80000000000000007214740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35992eab24b232b72021-12-23 11:53:56.694root 11241100x80000000000000007214741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2e2c3f65c328882021-12-23 11:53:56.694root 11241100x80000000000000007214742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810f8b260fbf5c3e2021-12-23 11:53:56.694root 11241100x80000000000000007214743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa25d50746ba4632021-12-23 11:53:56.694root 11241100x80000000000000007214744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9ff84c5ae7f2312021-12-23 11:53:56.694root 11241100x80000000000000007214745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf19075fcc7a36d2021-12-23 11:53:56.694root 11241100x80000000000000007214746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a228004f2ddcd32e2021-12-23 11:53:56.694root 11241100x80000000000000007214747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcd26caf5d0f24e2021-12-23 11:53:56.694root 11241100x80000000000000007214748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42c63db41c8bfb12021-12-23 11:53:56.694root 11241100x80000000000000007214749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee1f80822f2cd252021-12-23 11:53:56.695root 11241100x80000000000000007214750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7498ed4fac5860b12021-12-23 11:53:56.695root 11241100x80000000000000007214751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedac36add93115c2021-12-23 11:53:56.695root 11241100x80000000000000007214752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1560533a63cc7d2f2021-12-23 11:53:56.695root 11241100x80000000000000007214753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49aa33aad320f1222021-12-23 11:53:56.695root 11241100x80000000000000007214754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0524c5bebe5fd6082021-12-23 11:53:56.695root 11241100x80000000000000007214755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d6f23b127466bf2021-12-23 11:53:57.193root 11241100x80000000000000007214756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300cfcc805920dde2021-12-23 11:53:57.193root 11241100x80000000000000007214757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f44392a6dca8e12021-12-23 11:53:57.193root 11241100x80000000000000007214758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6762cf7182df6e732021-12-23 11:53:57.193root 11241100x80000000000000007214759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440b801a449aeaf92021-12-23 11:53:57.193root 11241100x80000000000000007214760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d856d6145400292021-12-23 11:53:57.193root 11241100x80000000000000007214761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1420daed68c6dc42021-12-23 11:53:57.193root 11241100x80000000000000007214762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2cdc926cdcad522021-12-23 11:53:57.193root 11241100x80000000000000007214763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafb1f2a120eeec12021-12-23 11:53:57.194root 11241100x80000000000000007214764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463319d7c88218342021-12-23 11:53:57.194root 11241100x80000000000000007214765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a656ed6bccbd293a2021-12-23 11:53:57.194root 11241100x80000000000000007214766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25dba291db4fc982021-12-23 11:53:57.194root 11241100x80000000000000007214767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1a01e7ef868c2c2021-12-23 11:53:57.194root 11241100x80000000000000007214768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550f0d8a764e86d82021-12-23 11:53:57.194root 11241100x80000000000000007214769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e567b721e43ae7032021-12-23 11:53:57.194root 11241100x80000000000000007214770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c2b2a9b28837882021-12-23 11:53:57.194root 11241100x80000000000000007214771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15edeb49c5f624c32021-12-23 11:53:57.194root 11241100x80000000000000007214772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc02a954f884788e2021-12-23 11:53:57.194root 11241100x80000000000000007214773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3501214679c8727e2021-12-23 11:53:57.195root 11241100x80000000000000007214774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2155605af305162021-12-23 11:53:57.195root 11241100x80000000000000007214775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5d59a9a26d636f2021-12-23 11:53:57.195root 11241100x80000000000000007214776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a44e6b1386998cf2021-12-23 11:53:57.195root 11241100x80000000000000007214777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1968db8fd7c7cdf52021-12-23 11:53:57.693root 11241100x80000000000000007214778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376015fc55aa9dfa2021-12-23 11:53:57.694root 11241100x80000000000000007214779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c67d1802ae270802021-12-23 11:53:57.694root 11241100x80000000000000007214780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e144e7a9981eef32021-12-23 11:53:57.694root 11241100x80000000000000007214781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27fecf3c7e7f8482021-12-23 11:53:57.694root 11241100x80000000000000007214782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92be951601ad71c2021-12-23 11:53:57.694root 11241100x80000000000000007214783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4386be37d718a63f2021-12-23 11:53:57.694root 11241100x80000000000000007214784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0c462554e03ba62021-12-23 11:53:57.695root 11241100x80000000000000007214785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c280691bc22e34bb2021-12-23 11:53:57.695root 11241100x80000000000000007214786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3234a0429b63b872021-12-23 11:53:57.695root 11241100x80000000000000007214787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0c5c99fc501a9d2021-12-23 11:53:57.695root 11241100x80000000000000007214788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02580b29e63bc8612021-12-23 11:53:57.695root 11241100x80000000000000007214789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c0cd6a883a66322021-12-23 11:53:57.695root 11241100x80000000000000007214790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab71196856c5dc72021-12-23 11:53:57.695root 11241100x80000000000000007214791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5caa2ecd0d56792021-12-23 11:53:57.695root 11241100x80000000000000007214792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8430b3270f5607d92021-12-23 11:53:57.696root 11241100x80000000000000007214793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb06d683abc8714c2021-12-23 11:53:57.696root 11241100x80000000000000007214794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd63024faa328af2021-12-23 11:53:57.696root 11241100x80000000000000007214795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027ade05fcb9ff522021-12-23 11:53:57.696root 11241100x80000000000000007214796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2a168d277331212021-12-23 11:53:57.696root 11241100x80000000000000007214797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14f6f869e12f1932021-12-23 11:53:57.696root 11241100x80000000000000007214798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46eaa382fc355d822021-12-23 11:53:57.696root 11241100x80000000000000007214799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db46b236230c0d62021-12-23 11:53:58.193root 11241100x80000000000000007214800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c47036eae210642021-12-23 11:53:58.193root 11241100x80000000000000007214801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe545dd2677ed422021-12-23 11:53:58.194root 11241100x80000000000000007214802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70667350dade550d2021-12-23 11:53:58.194root 11241100x80000000000000007214803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3227d554efd47702021-12-23 11:53:58.194root 11241100x80000000000000007214804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e7ff93a3022cd32021-12-23 11:53:58.194root 11241100x80000000000000007214805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dbe8532cb7369e2021-12-23 11:53:58.194root 11241100x80000000000000007214806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0335af273dcf98612021-12-23 11:53:58.194root 11241100x80000000000000007214807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8823d711b8e7da8d2021-12-23 11:53:58.194root 11241100x80000000000000007214808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54e03a7ebfa50762021-12-23 11:53:58.194root 11241100x80000000000000007214809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845a834ab2ac750d2021-12-23 11:53:58.194root 11241100x80000000000000007214810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d8dcdd094971512021-12-23 11:53:58.194root 11241100x80000000000000007214811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d6343f45c4d97a2021-12-23 11:53:58.194root 11241100x80000000000000007214812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f71bf235f599a72021-12-23 11:53:58.194root 11241100x80000000000000007214813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f58e43e2f34f8942021-12-23 11:53:58.194root 11241100x80000000000000007214814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8beeafd8fe3d5582021-12-23 11:53:58.194root 11241100x80000000000000007214815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932edf28acadc0472021-12-23 11:53:58.194root 11241100x80000000000000007214816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d617ce41c98e47752021-12-23 11:53:58.195root 11241100x80000000000000007214817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9024d6785996c232021-12-23 11:53:58.195root 11241100x80000000000000007214818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0c91fb7e2d07652021-12-23 11:53:58.195root 11241100x80000000000000007214819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e08e09ecab1d702021-12-23 11:53:58.195root 11241100x80000000000000007214820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27a45fec5609c512021-12-23 11:53:58.195root 11241100x80000000000000007214821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dec1cc27c964f52021-12-23 11:53:58.693root 11241100x80000000000000007214822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2b1eba1e32bd3f2021-12-23 11:53:58.693root 11241100x80000000000000007214823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa88add92f2927e12021-12-23 11:53:58.693root 11241100x80000000000000007214824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964ed8baf3f39b282021-12-23 11:53:58.693root 11241100x80000000000000007214825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321e053e60afb7932021-12-23 11:53:58.693root 11241100x80000000000000007214826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2608031baba08c82021-12-23 11:53:58.693root 11241100x80000000000000007214827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494e3fbc8ba2038c2021-12-23 11:53:58.693root 11241100x80000000000000007214828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd460e8e33be1e252021-12-23 11:53:58.693root 11241100x80000000000000007214829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e501afe750a1a61a2021-12-23 11:53:58.693root 11241100x80000000000000007214830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263f6f9f83ee6f1e2021-12-23 11:53:58.693root 11241100x80000000000000007214831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0171d665546ce1272021-12-23 11:53:58.693root 11241100x80000000000000007214832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1e2d220e638d8d2021-12-23 11:53:58.693root 11241100x80000000000000007214833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda35ecae5a1d44b2021-12-23 11:53:58.693root 11241100x80000000000000007214834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55663d452dd26b852021-12-23 11:53:58.694root 11241100x80000000000000007214835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabdc4beff4eb67e2021-12-23 11:53:58.694root 11241100x80000000000000007214836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542db0e37f01c57e2021-12-23 11:53:58.694root 11241100x80000000000000007214837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16370cbe8ddf18192021-12-23 11:53:58.694root 11241100x80000000000000007214838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4c40c2b616db752021-12-23 11:53:58.694root 11241100x80000000000000007214839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4761e2368b79cbdc2021-12-23 11:53:58.694root 11241100x80000000000000007214840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140dea516b188a342021-12-23 11:53:58.694root 11241100x80000000000000007214841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0804cd8b67059742021-12-23 11:53:58.694root 11241100x80000000000000007214842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17fd354943cc31c2021-12-23 11:53:58.694root 11241100x80000000000000007214843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6b22bc1f0916122021-12-23 11:53:58.694root 11241100x80000000000000007214844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ade493e4a282c982021-12-23 11:53:59.193root 11241100x80000000000000007214845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3c031849f4413f2021-12-23 11:53:59.193root 11241100x80000000000000007214846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2888ada1ae5ee22021-12-23 11:53:59.193root 11241100x80000000000000007214847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0956017debd3f212021-12-23 11:53:59.193root 11241100x80000000000000007214848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7b0b4fa84d1b852021-12-23 11:53:59.193root 11241100x80000000000000007214849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3a2be440b437fa2021-12-23 11:53:59.193root 11241100x80000000000000007214850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a74b9703bc65cd2021-12-23 11:53:59.193root 11241100x80000000000000007214851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc6272d41d1676f2021-12-23 11:53:59.194root 11241100x80000000000000007214852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b127dbc72924452021-12-23 11:53:59.194root 11241100x80000000000000007214853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55145028ccc55802021-12-23 11:53:59.194root 11241100x80000000000000007214854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b3792d667ec6292021-12-23 11:53:59.194root 11241100x80000000000000007214855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d18bad0963f8cd02021-12-23 11:53:59.194root 11241100x80000000000000007214856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b297d7a8f3069542021-12-23 11:53:59.194root 11241100x80000000000000007214857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84a5177b308aa302021-12-23 11:53:59.194root 11241100x80000000000000007214858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e522e957fb798c2021-12-23 11:53:59.194root 11241100x80000000000000007214859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3fd63db14e66232021-12-23 11:53:59.194root 11241100x80000000000000007214860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe4726c3128958e2021-12-23 11:53:59.194root 11241100x80000000000000007214861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3cfadb0f05dbeb2021-12-23 11:53:59.194root 11241100x80000000000000007214862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020b7495e6c351152021-12-23 11:53:59.194root 11241100x80000000000000007214863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbfa71030ec8efe2021-12-23 11:53:59.195root 11241100x80000000000000007214864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819df4b502aa91b02021-12-23 11:53:59.195root 11241100x80000000000000007214865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea335994ddace032021-12-23 11:53:59.195root 11241100x80000000000000007214866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cc6f5c96da825a2021-12-23 11:53:59.693root 11241100x80000000000000007214867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16227679818d9e172021-12-23 11:53:59.693root 11241100x80000000000000007214868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066e4a7fc0fa9f892021-12-23 11:53:59.693root 11241100x80000000000000007214869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc18df8834be78a92021-12-23 11:53:59.693root 11241100x80000000000000007214870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea82f5c6eae163d2021-12-23 11:53:59.693root 11241100x80000000000000007214871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05e2fb52a684e782021-12-23 11:53:59.693root 11241100x80000000000000007214872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c36b6ed456a0ac2021-12-23 11:53:59.693root 11241100x80000000000000007214873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d974b6bc6ba52e2021-12-23 11:53:59.693root 11241100x80000000000000007214874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08ec3411f1a592e2021-12-23 11:53:59.694root 11241100x80000000000000007214875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff968324dcdcf3c2021-12-23 11:53:59.694root 11241100x80000000000000007214876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de7a030241165ca2021-12-23 11:53:59.694root 11241100x80000000000000007214877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4febf18bc3dd41fd2021-12-23 11:53:59.694root 11241100x80000000000000007214878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a59d3a167233702021-12-23 11:53:59.694root 11241100x80000000000000007214879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec9b9fba7615f562021-12-23 11:53:59.694root 11241100x80000000000000007214880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb5e8eefaa6bf0f2021-12-23 11:53:59.694root 11241100x80000000000000007214881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f05a836bb0f1142021-12-23 11:53:59.694root 11241100x80000000000000007214882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cc4a93b290814e2021-12-23 11:53:59.694root 11241100x80000000000000007214883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a0323d2a1a8a7c2021-12-23 11:53:59.694root 11241100x80000000000000007214884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1748f213fe42368d2021-12-23 11:53:59.694root 11241100x80000000000000007214885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbdb0fb163287892021-12-23 11:53:59.694root 11241100x80000000000000007214886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59d54378f8db2e32021-12-23 11:53:59.694root 11241100x80000000000000007214887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:53:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af6428850d951712021-12-23 11:53:59.694root 11241100x80000000000000007214888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-23 11:54:00.142root 11241100x80000000000000007214889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f7de56718cbfce2021-12-23 11:54:00.143root 11241100x80000000000000007214890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55767923a527eec92021-12-23 11:54:00.143root 11241100x80000000000000007214891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c29264565cf7b1a2021-12-23 11:54:00.143root 11241100x80000000000000007214892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1581ac78bca889ac2021-12-23 11:54:00.143root 11241100x80000000000000007214893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1171e60b44c1b7602021-12-23 11:54:00.143root 11241100x80000000000000007214894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf531e0e2f23b072021-12-23 11:54:00.144root 11241100x80000000000000007214895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4db16db8bf41552021-12-23 11:54:00.144root 11241100x80000000000000007214896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255c5d5a8f691f822021-12-23 11:54:00.144root 11241100x80000000000000007214897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2449012981a25e972021-12-23 11:54:00.144root 11241100x80000000000000007214898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76215f102d56c6a2021-12-23 11:54:00.144root 11241100x80000000000000007214899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0923f7924a5cb52021-12-23 11:54:00.144root 11241100x80000000000000007214900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107486dcac385daf2021-12-23 11:54:00.144root 11241100x80000000000000007214901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550e0015144cd8372021-12-23 11:54:00.144root 11241100x80000000000000007214902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7430324a22def1162021-12-23 11:54:00.144root 11241100x80000000000000007214903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe48f34416a142aa2021-12-23 11:54:00.144root 11241100x80000000000000007214904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ac37e33c8534462021-12-23 11:54:00.144root 11241100x80000000000000007214905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738f372269f01fe32021-12-23 11:54:00.144root 11241100x80000000000000007214906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e078fadf6e2d322021-12-23 11:54:00.144root 11241100x80000000000000007214907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6281015eed5590432021-12-23 11:54:00.144root 11241100x80000000000000007214908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97357c17c0e938652021-12-23 11:54:00.144root 11241100x80000000000000007214909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a25e7b9fc7e50892021-12-23 11:54:00.145root 11241100x80000000000000007214910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047c9f40c06df9aa2021-12-23 11:54:00.145root 11241100x80000000000000007214911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d880da1600fe57e32021-12-23 11:54:00.145root 11241100x80000000000000007214912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48550811decdc81d2021-12-23 11:54:00.145root 11241100x80000000000000007214913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b2f8c99e52ff712021-12-23 11:54:00.145root 11241100x80000000000000007214914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d8b5c5b9917b262021-12-23 11:54:00.145root 11241100x80000000000000007214915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f509b8db2d12ed52021-12-23 11:54:00.145root 354300x80000000000000007214916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.259{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33818-false10.0.1.12-8000- 11241100x80000000000000007214917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14bf65094eecba52021-12-23 11:54:00.443root 11241100x80000000000000007214918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29351c7beefee3f22021-12-23 11:54:00.443root 11241100x80000000000000007214919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738420be75c1636d2021-12-23 11:54:00.443root 11241100x80000000000000007214920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1987bb746a3727192021-12-23 11:54:00.443root 11241100x80000000000000007214921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55960789b61b75df2021-12-23 11:54:00.443root 11241100x80000000000000007214922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1826982b262ad4642021-12-23 11:54:00.443root 11241100x80000000000000007214923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723da26deab193002021-12-23 11:54:00.443root 11241100x80000000000000007214924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5ef3f93b4c752b2021-12-23 11:54:00.443root 11241100x80000000000000007214925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdaa9f155af355af2021-12-23 11:54:00.443root 11241100x80000000000000007214926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c903dadac4750b1f2021-12-23 11:54:00.443root 11241100x80000000000000007214927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efae4a35172d86792021-12-23 11:54:00.443root 11241100x80000000000000007214928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942e2d7595e9859e2021-12-23 11:54:00.444root 11241100x80000000000000007214929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678fbd5fb245801e2021-12-23 11:54:00.444root 11241100x80000000000000007214930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ffc49572527e902021-12-23 11:54:00.444root 11241100x80000000000000007214931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f829c647a8d0c7632021-12-23 11:54:00.444root 11241100x80000000000000007214932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feeb294029df08c52021-12-23 11:54:00.444root 11241100x80000000000000007214933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85dd95b36118e682021-12-23 11:54:00.444root 11241100x80000000000000007214934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d34cef9b02dee012021-12-23 11:54:00.444root 11241100x80000000000000007214935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081dbb046707357e2021-12-23 11:54:00.444root 11241100x80000000000000007214936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53b4d086e0efef12021-12-23 11:54:00.444root 11241100x80000000000000007214937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf752b6ad7e330262021-12-23 11:54:00.444root 11241100x80000000000000007214938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de28ea8b5cb77d192021-12-23 11:54:00.444root 11241100x80000000000000007214939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e51c7fe569a5c32021-12-23 11:54:00.444root 11241100x80000000000000007214940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e01c19ff0100142021-12-23 11:54:00.444root 11241100x80000000000000007214941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe9204a7ee539af2021-12-23 11:54:00.444root 11241100x80000000000000007214942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac15cadf62e5abc2021-12-23 11:54:00.444root 11241100x80000000000000007214943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7a9c419b31dcfd2021-12-23 11:54:00.444root 11241100x80000000000000007214944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186f5801883939192021-12-23 11:54:00.445root 11241100x80000000000000007214945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1203e61237ce8d782021-12-23 11:54:00.943root 11241100x80000000000000007214946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00392cb94f705912021-12-23 11:54:00.943root 11241100x80000000000000007214947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0029bb09d1d08c812021-12-23 11:54:00.943root 11241100x80000000000000007214948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd72f03d850d6662021-12-23 11:54:00.943root 11241100x80000000000000007214949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24de0d35faad60252021-12-23 11:54:00.943root 11241100x80000000000000007214950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb44d739ca923b32021-12-23 11:54:00.943root 11241100x80000000000000007214951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0370e51c6431bdc32021-12-23 11:54:00.943root 11241100x80000000000000007214952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b243b2c54482a52021-12-23 11:54:00.943root 11241100x80000000000000007214953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298b77f5e280c55d2021-12-23 11:54:00.943root 11241100x80000000000000007214954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc104c7bc739c7a2021-12-23 11:54:00.943root 11241100x80000000000000007214955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d04b543a1b6118b2021-12-23 11:54:00.944root 11241100x80000000000000007214956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c65f0d2e21ed4d2021-12-23 11:54:00.944root 11241100x80000000000000007214957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5172615ec655f4a2021-12-23 11:54:00.944root 11241100x80000000000000007214958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00beb60df3bf87e92021-12-23 11:54:00.944root 11241100x80000000000000007214959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1976df5a0435d42021-12-23 11:54:00.944root 11241100x80000000000000007214960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bdcb1aaf542c3c2021-12-23 11:54:00.944root 11241100x80000000000000007214961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7099df3436dc92322021-12-23 11:54:00.944root 11241100x80000000000000007214962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0253c673f37adf12021-12-23 11:54:00.944root 11241100x80000000000000007214963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8ed1427e33433e2021-12-23 11:54:00.944root 11241100x80000000000000007214964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372be9c4b4aef4d82021-12-23 11:54:00.944root 11241100x80000000000000007214965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0360613d2f32fc372021-12-23 11:54:00.944root 11241100x80000000000000007214966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddeddf86ad55dfe2021-12-23 11:54:00.944root 11241100x80000000000000007214967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57f5f45848473a32021-12-23 11:54:00.944root 11241100x80000000000000007214968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b205baf8be42a4cc2021-12-23 11:54:00.944root 11241100x80000000000000007214969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cc23585183da102021-12-23 11:54:00.945root 11241100x80000000000000007214970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ad7479daedd8052021-12-23 11:54:00.945root 11241100x80000000000000007214971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7fe268ff798f232021-12-23 11:54:01.444root 11241100x80000000000000007214972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f4ceb7e0304d3d2021-12-23 11:54:01.444root 11241100x80000000000000007214973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c6e326884e6a9a2021-12-23 11:54:01.444root 11241100x80000000000000007214974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eadf72a13e25d5a2021-12-23 11:54:01.444root 11241100x80000000000000007214975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad9a4419c909eed2021-12-23 11:54:01.445root 11241100x80000000000000007214976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715072834711da572021-12-23 11:54:01.445root 11241100x80000000000000007214977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f480839c4f82d15e2021-12-23 11:54:01.445root 11241100x80000000000000007214978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4943ee0cfff5f02021-12-23 11:54:01.445root 11241100x80000000000000007214979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e1268c1feeef692021-12-23 11:54:01.445root 11241100x80000000000000007214980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e61b5c15e0dc4af2021-12-23 11:54:01.446root 11241100x80000000000000007214981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7158b53d62fcbe212021-12-23 11:54:01.446root 11241100x80000000000000007214982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7748caecc3ac982021-12-23 11:54:01.446root 11241100x80000000000000007214983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b4577e33544fb92021-12-23 11:54:01.446root 11241100x80000000000000007214984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a256d73669e064e62021-12-23 11:54:01.446root 11241100x80000000000000007214985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec67ca3006f97912021-12-23 11:54:01.446root 11241100x80000000000000007214986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83dfb98ae26b92c12021-12-23 11:54:01.446root 11241100x80000000000000007214987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afc528c870750a12021-12-23 11:54:01.446root 11241100x80000000000000007214988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82d8968a6a987e02021-12-23 11:54:01.446root 11241100x80000000000000007214989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9937dc4f67316f2021-12-23 11:54:01.446root 11241100x80000000000000007214990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b134fccc5552cbcb2021-12-23 11:54:01.446root 11241100x80000000000000007214991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1514b11938e3bf0f2021-12-23 11:54:01.446root 11241100x80000000000000007214992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e867eaf4129b55792021-12-23 11:54:01.446root 11241100x80000000000000007214993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded3b27729f1c2e22021-12-23 11:54:01.446root 11241100x80000000000000007214994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830c6b2ee19608102021-12-23 11:54:01.447root 11241100x80000000000000007214995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d1259432b17af32021-12-23 11:54:01.447root 11241100x80000000000000007214996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716824daf41a18982021-12-23 11:54:01.943root 11241100x80000000000000007214997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1056540b13765c8d2021-12-23 11:54:01.943root 11241100x80000000000000007214998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62a9e9deb00a5e12021-12-23 11:54:01.944root 11241100x80000000000000007214999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0f6011a089fa592021-12-23 11:54:01.944root 11241100x80000000000000007215000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10664b9bdd667f2f2021-12-23 11:54:01.944root 11241100x80000000000000007215001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7666ec9083004fd2021-12-23 11:54:01.944root 11241100x80000000000000007215002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363f141b97e8d6172021-12-23 11:54:01.944root 11241100x80000000000000007215003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ee9ec0fae3f4e72021-12-23 11:54:01.944root 11241100x80000000000000007215004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7738d3a20b3a31e2021-12-23 11:54:01.944root 11241100x80000000000000007215005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a630c8d1215c1d712021-12-23 11:54:01.945root 11241100x80000000000000007215006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55edd2f0d383af5d2021-12-23 11:54:01.945root 11241100x80000000000000007215007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9f799b8340443d2021-12-23 11:54:01.945root 11241100x80000000000000007215008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22c63a41f0eda012021-12-23 11:54:01.945root 11241100x80000000000000007215009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d7a692ccb077802021-12-23 11:54:01.945root 11241100x80000000000000007215010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220b2a059327c5dd2021-12-23 11:54:01.945root 11241100x80000000000000007215011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276acd6a44bbcf792021-12-23 11:54:01.945root 11241100x80000000000000007215012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ffa82c7935d7c72021-12-23 11:54:01.945root 11241100x80000000000000007215013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4fcf298b3732852021-12-23 11:54:01.945root 11241100x80000000000000007215014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2a956ad1f43ca42021-12-23 11:54:01.945root 11241100x80000000000000007215015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3141ed635e9e798a2021-12-23 11:54:01.945root 11241100x80000000000000007215016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5545782f33d649db2021-12-23 11:54:01.945root 11241100x80000000000000007215017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee74be6a6e7dcfd2021-12-23 11:54:01.945root 11241100x80000000000000007215018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948c8bf42f578b052021-12-23 11:54:01.945root 11241100x80000000000000007215019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cbd594f2f625142021-12-23 11:54:01.945root 11241100x80000000000000007215020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fe5e8d4388339c2021-12-23 11:54:02.443root 11241100x80000000000000007215021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888e24f49b81258a2021-12-23 11:54:02.443root 11241100x80000000000000007215022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d2dcb9abef81312021-12-23 11:54:02.443root 11241100x80000000000000007215023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444625d2febfd2992021-12-23 11:54:02.443root 11241100x80000000000000007215024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e40dcd60ecedcb52021-12-23 11:54:02.443root 11241100x80000000000000007215025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7bb05c64678a1c2021-12-23 11:54:02.443root 11241100x80000000000000007215026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22841e798bf3e7282021-12-23 11:54:02.443root 11241100x80000000000000007215027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdcc7c9049cf8ff2021-12-23 11:54:02.443root 11241100x80000000000000007215028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63075f1fdb5d7ecf2021-12-23 11:54:02.444root 11241100x80000000000000007215029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423d2adfb0bc891f2021-12-23 11:54:02.444root 11241100x80000000000000007215030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17a107449efdd372021-12-23 11:54:02.444root 11241100x80000000000000007215031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43da925e4a928af62021-12-23 11:54:02.444root 11241100x80000000000000007215032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c75d27873cae4c52021-12-23 11:54:02.444root 11241100x80000000000000007215033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72730dba45bfd562021-12-23 11:54:02.444root 11241100x80000000000000007215034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62d3549d57919792021-12-23 11:54:02.444root 11241100x80000000000000007215035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83eda58f1d002b5b2021-12-23 11:54:02.444root 11241100x80000000000000007215036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d68ac18c7889e9c2021-12-23 11:54:02.444root 11241100x80000000000000007215037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b95d05d0d5d2652021-12-23 11:54:02.444root 11241100x80000000000000007215038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ac5c52fe89ed5f2021-12-23 11:54:02.444root 11241100x80000000000000007215039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e10422c944fe922021-12-23 11:54:02.444root 11241100x80000000000000007215040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300e13cebd9ec1572021-12-23 11:54:02.444root 11241100x80000000000000007215041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a50c12d3be984f2021-12-23 11:54:02.444root 11241100x80000000000000007215042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6680f1e0d22aba492021-12-23 11:54:02.444root 11241100x80000000000000007215043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf0f8e02e6dc5652021-12-23 11:54:02.445root 11241100x80000000000000007215044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bca131852a1df7e2021-12-23 11:54:02.943root 11241100x80000000000000007215045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf16161a7a207422021-12-23 11:54:02.943root 11241100x80000000000000007215046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2a2012b71f7a242021-12-23 11:54:02.943root 11241100x80000000000000007215047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5d4e5b447740db2021-12-23 11:54:02.943root 11241100x80000000000000007215048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd0a00917d8d3762021-12-23 11:54:02.944root 11241100x80000000000000007215049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f1b6a68c0501e22021-12-23 11:54:02.944root 11241100x80000000000000007215050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839f26052ff9d6962021-12-23 11:54:02.944root 11241100x80000000000000007215051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdd249b4b3938702021-12-23 11:54:02.944root 11241100x80000000000000007215052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30b31600b079cf32021-12-23 11:54:02.944root 11241100x80000000000000007215053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78532f64dc393bb2021-12-23 11:54:02.944root 11241100x80000000000000007215054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0aed69d4669c14f2021-12-23 11:54:02.944root 11241100x80000000000000007215055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16897fb9612535d82021-12-23 11:54:02.944root 11241100x80000000000000007215056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0def4e857374bc2021-12-23 11:54:02.944root 11241100x80000000000000007215057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f71fab5d049b2f2021-12-23 11:54:02.944root 11241100x80000000000000007215058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ee7b9a88f108b42021-12-23 11:54:02.944root 11241100x80000000000000007215059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afafcdf5080da4372021-12-23 11:54:02.944root 11241100x80000000000000007215060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c5f8e9dde3f2102021-12-23 11:54:02.945root 11241100x80000000000000007215061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f7de95a9b948272021-12-23 11:54:02.945root 11241100x80000000000000007215062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533caaa2f4434a9a2021-12-23 11:54:02.945root 11241100x80000000000000007215063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d414a7d101ec46082021-12-23 11:54:02.945root 11241100x80000000000000007215064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a64f9db16bf01622021-12-23 11:54:02.945root 11241100x80000000000000007215065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a6285f0888e1452021-12-23 11:54:02.945root 11241100x80000000000000007215066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d7c3df93a57d6e2021-12-23 11:54:02.945root 11241100x80000000000000007215067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef683be658601a22021-12-23 11:54:02.945root 23542300x80000000000000007215068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000007215069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb25fc0cd780eed2021-12-23 11:54:03.443root 11241100x80000000000000007215070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfa5aa14b5192632021-12-23 11:54:03.443root 11241100x80000000000000007215071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b6d0e7a89437d52021-12-23 11:54:03.443root 11241100x80000000000000007215072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01e690548840a762021-12-23 11:54:03.443root 11241100x80000000000000007215073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26471763f09e51452021-12-23 11:54:03.444root 11241100x80000000000000007215074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bac39ac20ca89022021-12-23 11:54:03.444root 11241100x80000000000000007215075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5387ce98b980f9852021-12-23 11:54:03.444root 11241100x80000000000000007215076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72749c5d78dc37502021-12-23 11:54:03.444root 11241100x80000000000000007215077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2985121848518242021-12-23 11:54:03.444root 11241100x80000000000000007215078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c149e1fc4e3e7792021-12-23 11:54:03.444root 11241100x80000000000000007215079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2428b0270ef035ad2021-12-23 11:54:03.444root 11241100x80000000000000007215080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada20b497a16ce572021-12-23 11:54:03.445root 11241100x80000000000000007215081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b208b098e18b55b12021-12-23 11:54:03.445root 11241100x80000000000000007215082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bba3c9638d26dc92021-12-23 11:54:03.445root 11241100x80000000000000007215083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ac507a395f5e4f2021-12-23 11:54:03.445root 11241100x80000000000000007215084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10b31348fbedd1a2021-12-23 11:54:03.445root 11241100x80000000000000007215085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d1b33ec585f2282021-12-23 11:54:03.445root 11241100x80000000000000007215086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13ff8d139bf965e2021-12-23 11:54:03.445root 11241100x80000000000000007215087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e15de7da57398e2021-12-23 11:54:03.445root 11241100x80000000000000007215088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349cc3253c9066632021-12-23 11:54:03.445root 11241100x80000000000000007215089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0b770300dfd28f2021-12-23 11:54:03.445root 11241100x80000000000000007215090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c7636ec78c19d62021-12-23 11:54:03.446root 11241100x80000000000000007215091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d1444a856500982021-12-23 11:54:03.446root 11241100x80000000000000007215092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbbae12d562d9c12021-12-23 11:54:03.446root 11241100x80000000000000007215093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc3ce12618026882021-12-23 11:54:03.446root 11241100x80000000000000007215094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897556649c8c7b872021-12-23 11:54:03.943root 11241100x80000000000000007215095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a18484d097cfe62021-12-23 11:54:03.943root 11241100x80000000000000007215096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443bcb473a13d38b2021-12-23 11:54:03.943root 11241100x80000000000000007215097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a43e962e74a106d2021-12-23 11:54:03.943root 11241100x80000000000000007215098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61329b6a73cf3aea2021-12-23 11:54:03.944root 11241100x80000000000000007215099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5287ad2685239222021-12-23 11:54:03.944root 11241100x80000000000000007215100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4af44ed28a0f652021-12-23 11:54:03.944root 11241100x80000000000000007215101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab98f8080e4290c92021-12-23 11:54:03.944root 11241100x80000000000000007215102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434cdb5cbed6bd6f2021-12-23 11:54:03.944root 11241100x80000000000000007215103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ffa03cb35f9ef12021-12-23 11:54:03.944root 11241100x80000000000000007215104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c133ca6d4d25e93e2021-12-23 11:54:03.944root 354300x80000000000000007215132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:16.245{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33824-false10.0.1.12-8000- 11241100x80000000000000007215133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:16.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9cdeaf677de9de2021-12-23 11:54:16.692root 11241100x80000000000000007215134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:17.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d126d99c156a9d2021-12-23 11:54:17.192root 11241100x80000000000000007215135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:17.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e307a71134584f72021-12-23 11:54:17.692root 11241100x80000000000000007215136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:18.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd9d2d4b9e8ceb72021-12-23 11:54:18.192root 11241100x80000000000000007215137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:18.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bcba71bf400c7c2021-12-23 11:54:18.692root 11241100x80000000000000007215138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:19.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfe5422aeecc8082021-12-23 11:54:19.192root 11241100x80000000000000007215139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:19.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863d893b34559d102021-12-23 11:54:19.692root 11241100x80000000000000007215140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:20.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ca58c12f9675482021-12-23 11:54:20.192root 11241100x80000000000000007215141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:20.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325d57157dd1d9672021-12-23 11:54:20.692root 11241100x80000000000000007215142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:21.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73eb0e613624b272021-12-23 11:54:21.192root 11241100x80000000000000007215143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:21.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b86b75231c14832021-12-23 11:54:21.692root 354300x80000000000000007215144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:22.030{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33826-false10.0.1.12-8000- 11241100x80000000000000007215145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:22.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7fd2f40728b3342021-12-23 11:54:22.031root 11241100x80000000000000007215146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:22.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f64cd20e6a7ac52021-12-23 11:54:22.442root 11241100x80000000000000007215147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:22.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd1e54b93e770152021-12-23 11:54:22.442root 11241100x80000000000000007215148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:22.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc268539cdf009932021-12-23 11:54:22.942root 11241100x80000000000000007215149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fad313059337af2021-12-23 11:54:22.943root 11241100x80000000000000007215150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:23.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92877d3bd35ed6fd2021-12-23 11:54:23.442root 11241100x80000000000000007215151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebb8cabcf22c3e82021-12-23 11:54:23.443root 11241100x80000000000000007215152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:23.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb857a241d0ca9e82021-12-23 11:54:23.942root 11241100x80000000000000007215153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e803af37c75d7d2021-12-23 11:54:23.943root 11241100x80000000000000007215154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:24.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2207e3b4d45d85542021-12-23 11:54:24.442root 11241100x80000000000000007215155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b067fbca78f4f42021-12-23 11:54:24.443root 11241100x80000000000000007215156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:24.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e927a6c471799422021-12-23 11:54:24.942root 11241100x80000000000000007215157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:24.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b6374bb0f53c262021-12-23 11:54:24.942root 11241100x80000000000000007215158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:25.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22657e7e00d10b392021-12-23 11:54:25.442root 11241100x80000000000000007215159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:25.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f60ecce2f9abc62021-12-23 11:54:25.442root 11241100x80000000000000007215160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:25.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aea3749923ed5582021-12-23 11:54:25.942root 11241100x80000000000000007215161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:25.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4792bb6b5e7a39832021-12-23 11:54:25.942root 11241100x80000000000000007215162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:26.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4514dd1dbd37d762021-12-23 11:54:26.442root 11241100x80000000000000007215163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49033a33c7ea6022021-12-23 11:54:26.443root 11241100x80000000000000007215164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:26.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6e645dbe69bc8a2021-12-23 11:54:26.942root 11241100x80000000000000007215165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3140d7ca5f93a8d12021-12-23 11:54:26.943root 11241100x80000000000000007215166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:27.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e7dca5585f9e492021-12-23 11:54:27.442root 11241100x80000000000000007215167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632232bf1b189fb32021-12-23 11:54:27.443root 11241100x80000000000000007215168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:27.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953b6686e5d3ccc32021-12-23 11:54:27.942root 11241100x80000000000000007215169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dce9fdc2f281392021-12-23 11:54:27.943root 354300x80000000000000007215170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:28.013{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33828-false10.0.1.12-8000- 11241100x80000000000000007215171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:28.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c839ca7ea6cf2f812021-12-23 11:54:28.442root 11241100x80000000000000007215172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a97ab941a4ade502021-12-23 11:54:28.443root 11241100x80000000000000007215173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6522f112b444cb2021-12-23 11:54:28.443root 11241100x80000000000000007215174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:28.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a8ec19b154cc812021-12-23 11:54:28.942root 11241100x80000000000000007215175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f137e5794f39782021-12-23 11:54:28.943root 11241100x80000000000000007215176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116be99ee69bfcad2021-12-23 11:54:28.943root 11241100x80000000000000007215177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:29.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1bec6d37ee330a2021-12-23 11:54:29.442root 11241100x80000000000000007215178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae56af6c6a74e152021-12-23 11:54:29.443root 11241100x80000000000000007215179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2b4491ecc006112021-12-23 11:54:29.443root 11241100x80000000000000007215180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:29.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1655e0be1f68e21b2021-12-23 11:54:29.942root 11241100x80000000000000007215181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a7af763e7ddbef2021-12-23 11:54:29.943root 11241100x80000000000000007215182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be827ba18a5d9912021-12-23 11:54:29.943root 11241100x80000000000000007215183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:30.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-23 11:54:30.142root 11241100x80000000000000007215184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766c6aabf0077d092021-12-23 11:54:30.443root 11241100x80000000000000007215185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9e063bd00f6ab22021-12-23 11:54:30.443root 11241100x80000000000000007215186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906d1a58e12e02d22021-12-23 11:54:30.443root 11241100x80000000000000007215187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ec2650f4854a202021-12-23 11:54:30.443root 11241100x80000000000000007215188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:30.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8cb5a723ecd31e2021-12-23 11:54:30.942root 11241100x80000000000000007215189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a3545f54b818a72021-12-23 11:54:30.943root 11241100x80000000000000007215190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbbfca3897930c92021-12-23 11:54:30.943root 11241100x80000000000000007215191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab37d79c97b31f202021-12-23 11:54:30.943root 11241100x80000000000000007215192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7554d6ec3cfd9b922021-12-23 11:54:31.443root 11241100x80000000000000007215193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94e7f4b496d26062021-12-23 11:54:31.444root 11241100x80000000000000007215194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d688856a76b6e52021-12-23 11:54:31.444root 11241100x80000000000000007215195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c444f55db4fbe3ed2021-12-23 11:54:31.444root 11241100x80000000000000007215196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:31.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8cc25c2d244fed42021-12-23 11:54:31.942root 11241100x80000000000000007215197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af53b8e8239be692021-12-23 11:54:31.943root 11241100x80000000000000007215198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542d4d7d011d81902021-12-23 11:54:31.943root 11241100x80000000000000007215199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b9215d263382872021-12-23 11:54:31.943root 11241100x80000000000000007215200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:32.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbe576a5eaf43192021-12-23 11:54:32.442root 11241100x80000000000000007215201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d20d85b300a1fe32021-12-23 11:54:32.443root 11241100x80000000000000007215202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5142676295abd92021-12-23 11:54:32.443root 11241100x80000000000000007215203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4558a607e84abb2021-12-23 11:54:32.443root 11241100x80000000000000007215204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:32.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31b3c842c3d886b2021-12-23 11:54:32.942root 11241100x80000000000000007215205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dce1f3eaf6f792e2021-12-23 11:54:32.943root 11241100x80000000000000007215206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a06e9d8c0a023372021-12-23 11:54:32.943root 11241100x80000000000000007215207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b075da125169962021-12-23 11:54:32.943root 354300x80000000000000007215208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:33.060{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33830-false10.0.1.12-8000- 23542300x80000000000000007215209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:33.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000007215210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dc0e84a9c76ef02021-12-23 11:54:33.443root 11241100x80000000000000007215211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fae0bbc9c6ea2752021-12-23 11:54:33.443root 11241100x80000000000000007215212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a34941109076372021-12-23 11:54:33.443root 11241100x80000000000000007215213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d6b53be493c4d52021-12-23 11:54:33.443root 11241100x80000000000000007215214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af82806f3dc05bcf2021-12-23 11:54:33.443root 11241100x80000000000000007215215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401818cd213071192021-12-23 11:54:33.443root 11241100x80000000000000007215216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2192799158f9756e2021-12-23 11:54:33.943root 11241100x80000000000000007215217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab38570072be3d42021-12-23 11:54:33.943root 11241100x80000000000000007215218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16ea0e3f5a374c52021-12-23 11:54:33.943root 11241100x80000000000000007215219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9373835d811d1eb12021-12-23 11:54:33.943root 11241100x80000000000000007215220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5b3c454bb7b1e72021-12-23 11:54:33.943root 11241100x80000000000000007215221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103291ceaaae200d2021-12-23 11:54:33.943root 154100x80000000000000007215222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.098{ec2b6afe-637a-61c4-6824-33924c560000}5076/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x80000000000000007215223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.111{ec2b6afe-637a-61c4-6824-33924c560000}5076/bin/psroot 11241100x80000000000000007215224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f851efcb65b66f62021-12-23 11:54:34.442root 11241100x80000000000000007215225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a54b26e48c0704b2021-12-23 11:54:34.443root 11241100x80000000000000007215226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1292c05111a9b92021-12-23 11:54:34.443root 11241100x80000000000000007215227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb2d571ed70b17b2021-12-23 11:54:34.444root 11241100x80000000000000007215228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e8b4d50ae905ce2021-12-23 11:54:34.444root 11241100x80000000000000007215229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bad718a352f882e2021-12-23 11:54:34.445root 11241100x80000000000000007215230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddefdbc6f0fad4222021-12-23 11:54:34.445root 11241100x80000000000000007215231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4749de72dd4866772021-12-23 11:54:34.445root 11241100x80000000000000007215232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ca10e5ea6f9c8e2021-12-23 11:54:34.943root 11241100x80000000000000007215233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a0f0d8aee953622021-12-23 11:54:34.943root 11241100x80000000000000007215234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7081bc1a1ebcb2a02021-12-23 11:54:34.943root 11241100x80000000000000007215235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547762dee6facd512021-12-23 11:54:34.943root 11241100x80000000000000007215236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0360ab2e106d572021-12-23 11:54:34.943root 11241100x80000000000000007215237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f32f2c8bd1501a72021-12-23 11:54:34.943root 11241100x80000000000000007215238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63340ec3bcd56adc2021-12-23 11:54:34.944root 11241100x80000000000000007215239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2d15eb7e90c7412021-12-23 11:54:34.944root 11241100x80000000000000007215240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9f49e212e07f492021-12-23 11:54:35.443root 11241100x80000000000000007215241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb119c21a206dec2021-12-23 11:54:35.443root 11241100x80000000000000007215242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8039a3ccb4adec52021-12-23 11:54:35.443root 11241100x80000000000000007215243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849691eb4a094ba92021-12-23 11:54:35.443root 11241100x80000000000000007215244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c52d1d46e98528c2021-12-23 11:54:35.443root 11241100x80000000000000007215245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23a3af40aff7d692021-12-23 11:54:35.443root 11241100x80000000000000007215246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e158b5fc7f804a522021-12-23 11:54:35.443root 11241100x80000000000000007215247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c8274e92f586702021-12-23 11:54:35.443root 11241100x80000000000000007215248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3362ed51fe99dce2021-12-23 11:54:35.943root 11241100x80000000000000007215249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793b3725ead7d7d62021-12-23 11:54:35.943root 11241100x80000000000000007215250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f26dc27e73f31f52021-12-23 11:54:35.943root 11241100x80000000000000007215251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2462e23039cd05702021-12-23 11:54:35.943root 11241100x80000000000000007215252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97f8e9998a0e49a2021-12-23 11:54:35.943root 11241100x80000000000000007215253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0e68a0f467c92b2021-12-23 11:54:35.943root 11241100x80000000000000007215254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224d3d2c59e0214a2021-12-23 11:54:35.943root 11241100x80000000000000007215255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51df17484bc13dc2021-12-23 11:54:35.943root 11241100x80000000000000007215256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49280c826209c3382021-12-23 11:54:36.443root 11241100x80000000000000007215257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ced93a29e7c5f292021-12-23 11:54:36.443root 11241100x80000000000000007215258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc67591b3d0435172021-12-23 11:54:36.443root 11241100x80000000000000007215259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64559cf5dd12d3792021-12-23 11:54:36.443root 11241100x80000000000000007215260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c6330b889b8ea62021-12-23 11:54:36.443root 11241100x80000000000000007215261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b515aae28bdba012021-12-23 11:54:36.443root 11241100x80000000000000007215262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7e4b70fe9e10762021-12-23 11:54:36.443root 11241100x80000000000000007215263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de24c9b17d95c6532021-12-23 11:54:36.443root 11241100x80000000000000007215264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df1ffb6a52e8ef42021-12-23 11:54:36.943root 11241100x80000000000000007215265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994ac11e54dcc5612021-12-23 11:54:36.943root 11241100x80000000000000007215266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139eda39f99207c72021-12-23 11:54:36.943root 11241100x80000000000000007215267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94970225e7722f82021-12-23 11:54:36.943root 11241100x80000000000000007215268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571c34e2fc442bc52021-12-23 11:54:36.943root 11241100x80000000000000007215269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b648b7737612ff952021-12-23 11:54:36.943root 11241100x80000000000000007215270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59aa4403c09a39b82021-12-23 11:54:36.943root 11241100x80000000000000007215271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f9669ba6a85db32021-12-23 11:54:36.943root 11241100x80000000000000007215272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd3dbba6c0a1d5b2021-12-23 11:54:37.443root 11241100x80000000000000007215273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57326c179258b1d32021-12-23 11:54:37.443root 11241100x80000000000000007215274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0013537c1f3fbc2021-12-23 11:54:37.443root 11241100x80000000000000007215275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ac9bd0da8815082021-12-23 11:54:37.443root 11241100x80000000000000007215276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de0dc39a7a245472021-12-23 11:54:37.443root 11241100x80000000000000007215277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2251d2e85e0df692021-12-23 11:54:37.443root 11241100x80000000000000007215278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39619d41e1f4a57e2021-12-23 11:54:37.443root 11241100x80000000000000007215279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c3ab77f6852d8f2021-12-23 11:54:37.443root 11241100x80000000000000007215280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11707756d6571bdc2021-12-23 11:54:37.943root 11241100x80000000000000007215281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e8e09dc063c2ac2021-12-23 11:54:37.943root 11241100x80000000000000007215282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7b51dc318043302021-12-23 11:54:37.943root 11241100x80000000000000007215283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92659671529cecb2021-12-23 11:54:37.943root 11241100x80000000000000007215284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3296fd613ceb99cd2021-12-23 11:54:37.943root 11241100x80000000000000007215285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557fa7f1353ecf792021-12-23 11:54:37.943root 11241100x80000000000000007215286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4107d659f7d3d60e2021-12-23 11:54:37.943root 11241100x80000000000000007215287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc41e747b099393f2021-12-23 11:54:37.943root 354300x80000000000000007215288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.195{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33832-false10.0.1.12-8000- 11241100x80000000000000007215289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfb5d465192f1672021-12-23 11:54:38.196root 11241100x80000000000000007215290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fe3c2a2d674a322021-12-23 11:54:38.196root 11241100x80000000000000007215291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8b893a8e5aad832021-12-23 11:54:38.196root 11241100x80000000000000007215292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56563443234ca2bd2021-12-23 11:54:38.196root 11241100x80000000000000007215293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3ad496da0bbef52021-12-23 11:54:38.197root 11241100x80000000000000007215294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05defc774fc8a8942021-12-23 11:54:38.197root 11241100x80000000000000007215295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db08da4f536d8482021-12-23 11:54:38.197root 11241100x80000000000000007215296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a6502fc8b457f12021-12-23 11:54:38.197root 11241100x80000000000000007215297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94b2f69975dee6e2021-12-23 11:54:38.197root 11241100x80000000000000007215298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3439bbb5599a77992021-12-23 11:54:38.693root 11241100x80000000000000007215299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbeba0d9b88faca2021-12-23 11:54:38.693root 11241100x80000000000000007215300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3f720aa18f2ed72021-12-23 11:54:38.693root 11241100x80000000000000007215301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf597a4a010470c82021-12-23 11:54:38.693root 11241100x80000000000000007215302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd88e41792e16052021-12-23 11:54:38.693root 11241100x80000000000000007215303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a929abdd919015082021-12-23 11:54:38.693root 11241100x80000000000000007215304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc4fb97bfe3d6e02021-12-23 11:54:38.693root 11241100x80000000000000007215305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f6abf93cb042572021-12-23 11:54:38.694root 11241100x80000000000000007215306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24034cc498c7a24e2021-12-23 11:54:38.694root 11241100x80000000000000007215307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984ff85e3dfd5fbe2021-12-23 11:54:39.193root 11241100x80000000000000007215308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8183444b102ce1fa2021-12-23 11:54:39.193root 11241100x80000000000000007215309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a036f35ea402fe02021-12-23 11:54:39.193root 11241100x80000000000000007215310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20287522062553782021-12-23 11:54:39.193root 11241100x80000000000000007215311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa30c0884afaf3b82021-12-23 11:54:39.193root 11241100x80000000000000007215312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c180287482117b2021-12-23 11:54:39.193root 11241100x80000000000000007215313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f3d405bf25a0e32021-12-23 11:54:39.194root 11241100x80000000000000007215314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7265f5d605d37efa2021-12-23 11:54:39.194root 11241100x80000000000000007215315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b32a48c001c76d2021-12-23 11:54:39.194root 11241100x80000000000000007215316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac633efcfa5c3f962021-12-23 11:54:39.693root 11241100x80000000000000007215317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06efe22d4aa12b452021-12-23 11:54:39.693root 11241100x80000000000000007215318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f996a913fa5796962021-12-23 11:54:39.693root 11241100x80000000000000007215319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba18c1d7a3599dd2021-12-23 11:54:39.693root 11241100x80000000000000007215320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b47f4ba5f969f5e2021-12-23 11:54:39.693root 11241100x80000000000000007215321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70daf0216d91c7b92021-12-23 11:54:39.693root 11241100x80000000000000007215322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73753441357297772021-12-23 11:54:39.693root 11241100x80000000000000007215323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4bfbbc2caaddb32021-12-23 11:54:39.693root 11241100x80000000000000007215324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc81b834ef994c82021-12-23 11:54:39.694root 11241100x80000000000000007215325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca4597d87b4148c2021-12-23 11:54:40.192root 11241100x80000000000000007215326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb55f8fc907e7912021-12-23 11:54:40.193root 11241100x80000000000000007215327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74f0b863ebbe7022021-12-23 11:54:40.193root 11241100x80000000000000007215328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52151849beeab5cd2021-12-23 11:54:40.193root 11241100x80000000000000007215329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5eaf7d85e89f782021-12-23 11:54:40.193root 11241100x80000000000000007215330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617ba33bbf2748502021-12-23 11:54:40.193root 11241100x80000000000000007215331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da1d86c10c6f8482021-12-23 11:54:40.193root 11241100x80000000000000007215332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7299e53285b2e0482021-12-23 11:54:40.193root 11241100x80000000000000007215333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c179d49cf2fa9b042021-12-23 11:54:40.193root 11241100x80000000000000007215334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f838ade5cb25ff2021-12-23 11:54:40.693root 11241100x80000000000000007215335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdaf8dfc04709f652021-12-23 11:54:40.693root 11241100x80000000000000007215336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171125f76cba77942021-12-23 11:54:40.693root 11241100x80000000000000007215337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05340fb879930272021-12-23 11:54:40.693root 11241100x80000000000000007215338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8af417022b720d2021-12-23 11:54:40.693root 11241100x80000000000000007215339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb688781945687f2021-12-23 11:54:40.693root 11241100x80000000000000007215340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd357c6d7d9f6f72021-12-23 11:54:40.693root 11241100x80000000000000007215341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1115c15fec94e4792021-12-23 11:54:40.693root 11241100x80000000000000007215342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe7515d093ac1c52021-12-23 11:54:40.693root 11241100x80000000000000007215343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402a2cee872199d02021-12-23 11:54:41.192root 11241100x80000000000000007215344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d1d7a12d5f14702021-12-23 11:54:41.193root 11241100x80000000000000007215345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169c36e26f49eb302021-12-23 11:54:41.193root 11241100x80000000000000007215346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fe3600557ab30c2021-12-23 11:54:41.193root 11241100x80000000000000007215347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad0100b3e9793df2021-12-23 11:54:41.193root 11241100x80000000000000007215348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e381dab5c0a70f112021-12-23 11:54:41.193root 11241100x80000000000000007215349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4852d607f73e24162021-12-23 11:54:41.193root 11241100x80000000000000007215350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa48ddf6b4d84752021-12-23 11:54:41.193root 11241100x80000000000000007215351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04307919a3e7aa272021-12-23 11:54:41.193root 11241100x80000000000000007215352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf6d75c0a5ebea12021-12-23 11:54:41.693root 11241100x80000000000000007215353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad603afe1d47a202021-12-23 11:54:41.693root 11241100x80000000000000007215354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dd3a3ae8b69a032021-12-23 11:54:41.693root 11241100x80000000000000007215355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37251f3b7036d3c92021-12-23 11:54:41.693root 11241100x80000000000000007215356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461f5aaaf59ca0072021-12-23 11:54:41.693root 11241100x80000000000000007215357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612095ccc3f1dc522021-12-23 11:54:41.693root 11241100x80000000000000007215358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a875ad5505b31f32021-12-23 11:54:41.693root 11241100x80000000000000007215359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc6e25d4c8a69c42021-12-23 11:54:41.693root 11241100x80000000000000007215360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4ec14d38fb1b782021-12-23 11:54:41.693root 354300x80000000000000007215361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.010{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-49130-false10.0.1.12-8089- 11241100x80000000000000007215362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbc5c5c5486a1472021-12-23 11:54:42.011root 11241100x80000000000000007215363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cabe77f21f0af72021-12-23 11:54:42.011root 11241100x80000000000000007215364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f1982983fed86d2021-12-23 11:54:42.012root 11241100x80000000000000007215365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53557287e60d49b2021-12-23 11:54:42.012root 11241100x80000000000000007215366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747176973f9bd8dd2021-12-23 11:54:42.012root 11241100x80000000000000007215367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e6f7246b34d27e2021-12-23 11:54:42.012root 11241100x80000000000000007215368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c28047fa75230d22021-12-23 11:54:42.012root 11241100x80000000000000007215369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d534ed44a3be69892021-12-23 11:54:42.012root 11241100x80000000000000007215370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18984a703065b952021-12-23 11:54:42.012root 11241100x80000000000000007215371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2386f7d4d5841282021-12-23 11:54:42.012root 11241100x80000000000000007215372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d9efa6ed80fdf72021-12-23 11:54:42.443root 11241100x80000000000000007215373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e747197d5f52223f2021-12-23 11:54:42.443root 11241100x80000000000000007215374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb150852814bf032021-12-23 11:54:42.443root 11241100x80000000000000007215375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a423f52fef3ea2922021-12-23 11:54:42.443root 11241100x80000000000000007215376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf65cc6e24eb9e52021-12-23 11:54:42.443root 11241100x80000000000000007215377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1dee82e09d64962021-12-23 11:54:42.443root 11241100x80000000000000007215378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb7f7958b22752c2021-12-23 11:54:42.443root 11241100x80000000000000007215379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4910f21fa6e4c942021-12-23 11:54:42.443root 11241100x80000000000000007215380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0aabfa6dceeb68b2021-12-23 11:54:42.443root 11241100x80000000000000007215381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3efb65427f36632021-12-23 11:54:42.443root 11241100x80000000000000007215382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a176b05b11b829b2021-12-23 11:54:42.943root 11241100x80000000000000007215383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4519d07bc1654b1e2021-12-23 11:54:42.943root 11241100x80000000000000007215384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a28027a42899efb2021-12-23 11:54:42.943root 11241100x80000000000000007215385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12e6fa9c0b4de2f2021-12-23 11:54:42.943root 11241100x80000000000000007215386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e38c9ad7ee8af832021-12-23 11:54:42.944root 11241100x80000000000000007215387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a34eb98d0e0027d2021-12-23 11:54:42.944root 11241100x80000000000000007215388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d02dbb4eeab4de2021-12-23 11:54:42.945root 11241100x80000000000000007215389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f815c12b63ec34ea2021-12-23 11:54:42.945root 11241100x80000000000000007215390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e65d6b81a658192021-12-23 11:54:42.945root 11241100x80000000000000007215391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270143e4b6576aec2021-12-23 11:54:42.946root 11241100x80000000000000007215392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fedf0b0a8f3ae072021-12-23 11:54:43.443root 11241100x80000000000000007215393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c0855fbd58d3882021-12-23 11:54:43.443root 11241100x80000000000000007215394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2171f809d77fd6062021-12-23 11:54:43.443root 11241100x80000000000000007215395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a9118e47703f362021-12-23 11:54:43.443root 11241100x80000000000000007215396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78556c4b81b02c6d2021-12-23 11:54:43.443root 11241100x80000000000000007215397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992b36b3f61eeaf52021-12-23 11:54:43.443root 11241100x80000000000000007215398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbccecee5428a1c82021-12-23 11:54:43.443root 11241100x80000000000000007215399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35416c53c1cf4dcc2021-12-23 11:54:43.443root 11241100x80000000000000007215400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d459cf565e72e542021-12-23 11:54:43.443root 11241100x80000000000000007215401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181136ae714aef602021-12-23 11:54:43.443root 11241100x80000000000000007215402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29891f58fc053ca22021-12-23 11:54:43.943root 11241100x80000000000000007215403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d359ab05f37992b62021-12-23 11:54:43.943root 11241100x80000000000000007215404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb43db53fafcc3fc2021-12-23 11:54:43.943root 11241100x80000000000000007215405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287c20632e6aefcf2021-12-23 11:54:43.943root 11241100x80000000000000007215406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a42667ca0988cf2021-12-23 11:54:43.943root 11241100x80000000000000007215407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625ca01053f9a0a82021-12-23 11:54:43.943root 11241100x80000000000000007215408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc66fe52e7d29ab2021-12-23 11:54:43.943root 11241100x80000000000000007215409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e867462722f4f9c72021-12-23 11:54:43.943root 11241100x80000000000000007215410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7eed89c7bd5a9d2021-12-23 11:54:43.943root 11241100x80000000000000007215411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df73421d32800af2021-12-23 11:54:43.944root 354300x80000000000000007215412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.101{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33836-false10.0.1.12-8000- 11241100x80000000000000007215413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ade22dabbab8672021-12-23 11:54:44.443root 11241100x80000000000000007215414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9fcd193ad5403e2021-12-23 11:54:44.443root 11241100x80000000000000007215415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b0c6915bd99c222021-12-23 11:54:44.443root 11241100x80000000000000007215416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dcdefed3e47fed2021-12-23 11:54:44.444root 11241100x80000000000000007215417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021029b61700728e2021-12-23 11:54:44.444root 11241100x80000000000000007215418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768e812a4596b9012021-12-23 11:54:44.444root 11241100x80000000000000007215419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c673a88543f7542021-12-23 11:54:44.444root 11241100x80000000000000007215420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103e725c35f89d7f2021-12-23 11:54:44.444root 11241100x80000000000000007215421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4512e675ee767f2021-12-23 11:54:44.444root 11241100x80000000000000007215422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c011fdbc0e7bee2021-12-23 11:54:44.445root 11241100x80000000000000007215423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339074d033f3166f2021-12-23 11:54:44.445root 11241100x80000000000000007215424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385b2e001d0e38972021-12-23 11:54:44.943root 11241100x80000000000000007215425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8119bb53f52e64342021-12-23 11:54:44.943root 11241100x80000000000000007215426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164ff0bce639c8352021-12-23 11:54:44.943root 11241100x80000000000000007215427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752d3046eefaff292021-12-23 11:54:44.943root 11241100x80000000000000007215428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310e9a0d2f8b1ef62021-12-23 11:54:44.944root 11241100x80000000000000007215429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e225fb9ae3b7124c2021-12-23 11:54:44.944root 11241100x80000000000000007215430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d82ad8242d6e0a92021-12-23 11:54:44.944root 11241100x80000000000000007215431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91ba34edae6eaaa2021-12-23 11:54:44.944root 11241100x80000000000000007215432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731463481aa045342021-12-23 11:54:44.944root 11241100x80000000000000007215433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5ae6eb44a4c1212021-12-23 11:54:44.944root 11241100x80000000000000007215434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9816f4e52cf3aea2021-12-23 11:54:44.944root 11241100x80000000000000007215435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20484c5582fbdae42021-12-23 11:54:45.443root 11241100x80000000000000007215436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d09bfad02b5b642021-12-23 11:54:45.443root 11241100x80000000000000007215437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd7a9de05bdfdaa2021-12-23 11:54:45.443root 11241100x80000000000000007215438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff6224fbac2b3712021-12-23 11:54:45.443root 11241100x80000000000000007215439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80a04560acee8132021-12-23 11:54:45.443root 11241100x80000000000000007215440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7652ac523298dbed2021-12-23 11:54:45.443root 11241100x80000000000000007215441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abf4c0d1b76fe1d2021-12-23 11:54:45.443root 11241100x80000000000000007215442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de58663d94839f72021-12-23 11:54:45.444root 11241100x80000000000000007215443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58abdc4396f5c3bd2021-12-23 11:54:45.444root 11241100x80000000000000007215444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9923585215c858872021-12-23 11:54:45.444root 11241100x80000000000000007215445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368967452bbf24c42021-12-23 11:54:45.444root 11241100x80000000000000007215446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60f43a869a8568d2021-12-23 11:54:45.943root 11241100x80000000000000007215447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eba25d925c8f3b12021-12-23 11:54:45.943root 11241100x80000000000000007215448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384f303f0958ff202021-12-23 11:54:45.943root 11241100x80000000000000007215449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b61960f2f0262142021-12-23 11:54:45.943root 11241100x80000000000000007215450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9509bb8c34e83bc2021-12-23 11:54:45.943root 11241100x80000000000000007215451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9a22a496ddd84a2021-12-23 11:54:45.943root 11241100x80000000000000007215452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6339bbb76e49ca862021-12-23 11:54:45.943root 11241100x80000000000000007215453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30a7782eb1101ae2021-12-23 11:54:45.943root 11241100x80000000000000007215454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c7b071e6764aa72021-12-23 11:54:45.943root 11241100x80000000000000007215455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d022a368b9c0ba232021-12-23 11:54:45.943root 11241100x80000000000000007215456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23976fa9f0802a792021-12-23 11:54:45.944root 11241100x80000000000000007215457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d212588fb61b6e462021-12-23 11:54:46.443root 11241100x80000000000000007215458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269728ee0b26f95a2021-12-23 11:54:46.443root 11241100x80000000000000007215459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ce6de1610c0c172021-12-23 11:54:46.443root 11241100x80000000000000007215460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23c5c013f95ef0f2021-12-23 11:54:46.444root 11241100x80000000000000007215461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb528b3f4145fc2d2021-12-23 11:54:46.444root 11241100x80000000000000007215462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52245b726e3fef832021-12-23 11:54:46.444root 11241100x80000000000000007215463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ce4475ea6354132021-12-23 11:54:46.444root 11241100x80000000000000007215464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c22552aa7d3cfd2021-12-23 11:54:46.444root 11241100x80000000000000007215465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba1faa8ed7ad6192021-12-23 11:54:46.444root 11241100x80000000000000007215466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f605124464d2f6482021-12-23 11:54:46.445root 11241100x80000000000000007215467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3ce6bb795779ba2021-12-23 11:54:46.445root 11241100x80000000000000007215468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c725d6806bcd8012021-12-23 11:54:46.943root 11241100x80000000000000007215469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d264cae278e193342021-12-23 11:54:46.943root 11241100x80000000000000007215470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33150284c1b80b542021-12-23 11:54:46.943root 11241100x80000000000000007215471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5acab5b3f9e1e82021-12-23 11:54:46.943root 11241100x80000000000000007215472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3690a02bcca2fe1c2021-12-23 11:54:46.943root 11241100x80000000000000007215473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480532d0bc5e24c42021-12-23 11:54:46.943root 11241100x80000000000000007215474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385c25787f09b4e42021-12-23 11:54:46.943root 11241100x80000000000000007215475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b9a72cecd6ca6a2021-12-23 11:54:46.944root 11241100x80000000000000007215476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31af69a22635a0ce2021-12-23 11:54:46.944root 11241100x80000000000000007215477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e13f0c1d7434f72021-12-23 11:54:46.944root 11241100x80000000000000007215478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516703858db915ca2021-12-23 11:54:46.944root 11241100x80000000000000007215479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1272dab04f5cdc082021-12-23 11:54:47.443root 11241100x80000000000000007215480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0573d6640ed71d82021-12-23 11:54:47.443root 11241100x80000000000000007215481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de28aeceaadfd8212021-12-23 11:54:47.443root 11241100x80000000000000007215482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2161f08abe4b8d2021-12-23 11:54:47.443root 11241100x80000000000000007215483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c978e041b55a56932021-12-23 11:54:47.443root 11241100x80000000000000007215484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1489acc41d1529b12021-12-23 11:54:47.443root 11241100x80000000000000007215485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83994bf1b22e6e9e2021-12-23 11:54:47.443root 11241100x80000000000000007215486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3dba5e3e1143bb2021-12-23 11:54:47.444root 11241100x80000000000000007215487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89b4e6e6c335a762021-12-23 11:54:47.444root 11241100x80000000000000007215488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d290d2ab10540e2021-12-23 11:54:47.444root 11241100x80000000000000007215489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842c04a5d0a5ce412021-12-23 11:54:47.444root 11241100x80000000000000007215490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fa7023ea75db442021-12-23 11:54:47.943root 11241100x80000000000000007215491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c742a67ecd3d56c2021-12-23 11:54:47.943root 11241100x80000000000000007215492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b429de9063e7492021-12-23 11:54:47.943root 11241100x80000000000000007215493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6c52035f399c1c2021-12-23 11:54:47.943root 11241100x80000000000000007215494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b039be9ca47b7d2021-12-23 11:54:47.943root 11241100x80000000000000007215495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4db45f3d6db779c2021-12-23 11:54:47.943root 11241100x80000000000000007215496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e8c2efa4317d8d2021-12-23 11:54:47.943root 11241100x80000000000000007215497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30ead6849f9ef6d2021-12-23 11:54:47.943root 11241100x80000000000000007215498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7e8d38f460f90b2021-12-23 11:54:47.944root 11241100x80000000000000007215499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764f476e01ea802b2021-12-23 11:54:47.944root 11241100x80000000000000007215500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9100a14182634f692021-12-23 11:54:47.944root 11241100x80000000000000007215501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c97ac5643a90e82021-12-23 11:54:48.443root 11241100x80000000000000007215502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4406a9b4bef0ea012021-12-23 11:54:48.443root 11241100x80000000000000007215503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d9b24bb26f3e572021-12-23 11:54:48.443root 11241100x80000000000000007215504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d54fd6f6d741512021-12-23 11:54:48.443root 11241100x80000000000000007215505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f262ecc0da59a672021-12-23 11:54:48.443root 11241100x80000000000000007215506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca68f82da26205f12021-12-23 11:54:48.443root 11241100x80000000000000007215507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34b6f0b29a25f5d2021-12-23 11:54:48.443root 11241100x80000000000000007215508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d4fac6685e404e2021-12-23 11:54:48.443root 11241100x80000000000000007215509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ccc0bf445978b92021-12-23 11:54:48.444root 11241100x80000000000000007215510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00167f12ceaff08d2021-12-23 11:54:48.444root 11241100x80000000000000007215511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31987631af69cdb52021-12-23 11:54:48.444root 11241100x80000000000000007215512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26afb45edee23d692021-12-23 11:54:48.943root 11241100x80000000000000007215513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10337a469036e8f2021-12-23 11:54:48.943root 11241100x80000000000000007215514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa1e8c07bd558cc2021-12-23 11:54:48.943root 11241100x80000000000000007215515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45918eafef0424562021-12-23 11:54:48.943root 11241100x80000000000000007215516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0061414749ff42c82021-12-23 11:54:48.943root 11241100x80000000000000007215517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec88d9d3a5b2edd2021-12-23 11:54:48.943root 11241100x80000000000000007215518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4284f3ad88ad464c2021-12-23 11:54:48.943root 11241100x80000000000000007215519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77c45ff1978873e2021-12-23 11:54:48.943root 11241100x80000000000000007215520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f54db5f8e7a10e2021-12-23 11:54:48.943root 11241100x80000000000000007215521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5448ff19444eeb962021-12-23 11:54:48.943root 11241100x80000000000000007215522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3340df184daa3d72021-12-23 11:54:48.944root 354300x80000000000000007215523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.152{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33838-false10.0.1.12-8000- 11241100x80000000000000007215524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428fb08cf07d94962021-12-23 11:54:49.443root 11241100x80000000000000007215525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8a84613ec1580e2021-12-23 11:54:49.443root 11241100x80000000000000007215526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f19dd96f1900182021-12-23 11:54:49.443root 11241100x80000000000000007215527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed9d4c5fbd030742021-12-23 11:54:49.443root 11241100x80000000000000007215528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf9c90988354aca2021-12-23 11:54:49.443root 11241100x80000000000000007215529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20be10cd9be87b0d2021-12-23 11:54:49.443root 11241100x80000000000000007215530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca34da7280e08402021-12-23 11:54:49.443root 11241100x80000000000000007215531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0159f42f63fd1be22021-12-23 11:54:49.443root 11241100x80000000000000007215532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9ea855bbe32b8f2021-12-23 11:54:49.443root 11241100x80000000000000007215533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9ecda56a2c73c52021-12-23 11:54:49.443root 11241100x80000000000000007215534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f28e1c88e8183e32021-12-23 11:54:49.443root 11241100x80000000000000007215535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33c78c761da50052021-12-23 11:54:49.443root 11241100x80000000000000007215536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c74d8ab38efea12021-12-23 11:54:49.943root 11241100x80000000000000007215537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e78a9b263842c02021-12-23 11:54:49.943root 11241100x80000000000000007215538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f117eca1cb3668d82021-12-23 11:54:49.943root 11241100x80000000000000007215539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f40e495096219302021-12-23 11:54:49.943root 11241100x80000000000000007215540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d0777d1a332dd02021-12-23 11:54:49.943root 11241100x80000000000000007215541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea1345a659622032021-12-23 11:54:49.943root 11241100x80000000000000007215542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a867fe6a1ca5a5332021-12-23 11:54:49.943root 11241100x80000000000000007215543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a776ff2d8692ec022021-12-23 11:54:49.944root 11241100x80000000000000007215544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2db8fbaf593a582021-12-23 11:54:49.944root 11241100x80000000000000007215545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd44c18604e5ae4b2021-12-23 11:54:49.944root 11241100x80000000000000007215546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a0f52cb0c9fa1c2021-12-23 11:54:49.944root 11241100x80000000000000007215547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc53dc81a7b7ef22021-12-23 11:54:49.944root 11241100x80000000000000007215548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fdf6945d1be1ea2021-12-23 11:54:50.443root 11241100x80000000000000007215549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5218afab532cd282021-12-23 11:54:50.443root 11241100x80000000000000007215550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630a85487d7925162021-12-23 11:54:50.443root 11241100x80000000000000007215551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75eb1c32b47f22b2021-12-23 11:54:50.443root 11241100x80000000000000007215552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7891d42f53a76c2021-12-23 11:54:50.443root 11241100x80000000000000007215553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c78771c6a776ba2021-12-23 11:54:50.444root 11241100x80000000000000007215554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2474526d54dc6e392021-12-23 11:54:50.444root 11241100x80000000000000007215555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec681e5ff27582d12021-12-23 11:54:50.444root 11241100x80000000000000007215556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d4d52a108127682021-12-23 11:54:50.444root 11241100x80000000000000007215557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c997e29e69d1832021-12-23 11:54:50.444root 11241100x80000000000000007215558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49537b1a789f45712021-12-23 11:54:50.444root 11241100x80000000000000007215559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfa29a5c6740df52021-12-23 11:54:50.444root 11241100x80000000000000007215560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a61972c363b83082021-12-23 11:54:50.942root 11241100x80000000000000007215561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310e3106951f51542021-12-23 11:54:50.943root 11241100x80000000000000007215562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e08a114314d42d2021-12-23 11:54:50.943root 11241100x80000000000000007215563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edb8934d778e24a2021-12-23 11:54:50.943root 11241100x80000000000000007215564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db569689b3f38ca52021-12-23 11:54:50.943root 11241100x80000000000000007215565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f729b69c1c19df6e2021-12-23 11:54:50.943root 11241100x80000000000000007215566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8bfbe33f5da7852021-12-23 11:54:50.943root 11241100x80000000000000007215567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5c98d2a3db02062021-12-23 11:54:50.943root 11241100x80000000000000007215568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a225b62d036298e2021-12-23 11:54:50.943root 11241100x80000000000000007215569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8adfb78347b60412021-12-23 11:54:50.943root 11241100x80000000000000007215570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445ae5cc903a4db82021-12-23 11:54:50.944root 11241100x80000000000000007215571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8150ddc72f4554cb2021-12-23 11:54:50.944root 11241100x80000000000000007215572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63aedbae0ef2f47b2021-12-23 11:54:51.443root 11241100x80000000000000007215573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9a74c154aa66df2021-12-23 11:54:51.443root 11241100x80000000000000007215574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939d9a24ae2eb8bd2021-12-23 11:54:51.443root 11241100x80000000000000007215575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70c1daec5034a662021-12-23 11:54:51.443root 11241100x80000000000000007215576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5af8496200f705b2021-12-23 11:54:51.443root 11241100x80000000000000007215577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf466c3c470b7eab2021-12-23 11:54:51.443root 11241100x80000000000000007215578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884c2695f3ceb2032021-12-23 11:54:51.443root 11241100x80000000000000007215579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c6c0684aa30dcb2021-12-23 11:54:51.444root 11241100x80000000000000007215580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ec8105ffd75a1e2021-12-23 11:54:51.444root 11241100x80000000000000007215581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186e5a154d8661292021-12-23 11:54:51.444root 11241100x80000000000000007215582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecd24cf177b418f2021-12-23 11:54:51.444root 11241100x80000000000000007215583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0f3fd4fa25f8342021-12-23 11:54:51.444root 11241100x80000000000000007215584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a224648ab6b8cfb62021-12-23 11:54:51.943root 11241100x80000000000000007215585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553b14a2b30b160a2021-12-23 11:54:51.943root 11241100x80000000000000007215586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cd4b1d13c0bbe42021-12-23 11:54:51.943root 11241100x80000000000000007215587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d8a590b6a49edf2021-12-23 11:54:51.943root 11241100x80000000000000007215588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36818b846d3ad0ba2021-12-23 11:54:51.943root 11241100x80000000000000007215589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2688cdba0fa9b32021-12-23 11:54:51.943root 11241100x80000000000000007215590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7f120802dd694b2021-12-23 11:54:51.943root 11241100x80000000000000007215591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee7eed8de5d42b42021-12-23 11:54:51.944root 11241100x80000000000000007215592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce73e65173ff74932021-12-23 11:54:51.944root 11241100x80000000000000007215593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a5b4d60ae75ddc2021-12-23 11:54:51.944root 11241100x80000000000000007215594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64eb5073ede4c35e2021-12-23 11:54:51.944root 11241100x80000000000000007215595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47a152c5e49356c2021-12-23 11:54:51.944root 11241100x80000000000000007215596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c901619ec123aa92021-12-23 11:54:52.443root 11241100x80000000000000007215597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9678e4f722a030972021-12-23 11:54:52.443root 11241100x80000000000000007215598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14a93abad21c27e2021-12-23 11:54:52.443root 11241100x80000000000000007215599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8987140c69cfde002021-12-23 11:54:52.443root 11241100x80000000000000007215600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8150cb1544e67fc92021-12-23 11:54:52.443root 11241100x80000000000000007215601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c498b5d1b227562021-12-23 11:54:52.443root 11241100x80000000000000007215602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7866b48810b7b7c22021-12-23 11:54:52.443root 11241100x80000000000000007215603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c934cfd9def912fa2021-12-23 11:54:52.443root 11241100x80000000000000007215604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d922441975715f2021-12-23 11:54:52.444root 11241100x80000000000000007215605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c13c4d127ebb5572021-12-23 11:54:52.444root 11241100x80000000000000007215606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2c396d2bda17f52021-12-23 11:54:52.444root 11241100x80000000000000007215607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d555d837bf66eab2021-12-23 11:54:52.444root 11241100x80000000000000007215608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c54dd65454dd502021-12-23 11:54:52.943root 11241100x80000000000000007215609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71365e2407d771b2021-12-23 11:54:52.943root 11241100x80000000000000007215610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1508deeef4cd68d22021-12-23 11:54:52.943root 11241100x80000000000000007215611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66550ca8a0b2ce892021-12-23 11:54:52.943root 11241100x80000000000000007215612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7975478c008d12c32021-12-23 11:54:52.943root 11241100x80000000000000007215613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6784036f56648b392021-12-23 11:54:52.943root 11241100x80000000000000007215614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737cddb9a0de47802021-12-23 11:54:52.944root 11241100x80000000000000007215615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f911f6e662c8cfb12021-12-23 11:54:52.944root 11241100x80000000000000007215616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf7571d136ec64c2021-12-23 11:54:52.944root 11241100x80000000000000007215617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4a52b875de55a92021-12-23 11:54:52.944root 11241100x80000000000000007215618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192b270b157845982021-12-23 11:54:52.944root 11241100x80000000000000007215619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9b9988ccbe9bf32021-12-23 11:54:52.944root 11241100x80000000000000007215620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fae6192f8f7ef562021-12-23 11:54:53.443root 11241100x80000000000000007215621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec6472625b81b6a2021-12-23 11:54:53.443root 11241100x80000000000000007215622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f9c212b31fae232021-12-23 11:54:53.443root 11241100x80000000000000007215623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9024040297c2ee2021-12-23 11:54:53.443root 11241100x80000000000000007215624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a37254b9a099012021-12-23 11:54:53.443root 11241100x80000000000000007215625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a070abde56651252021-12-23 11:54:53.443root 11241100x80000000000000007215626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264b47282826b5182021-12-23 11:54:53.443root 11241100x80000000000000007215627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39fe286299306672021-12-23 11:54:53.443root 11241100x80000000000000007215628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f082657cc687380c2021-12-23 11:54:53.443root 11241100x80000000000000007215629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cf634f6de0f3dd2021-12-23 11:54:53.443root 11241100x80000000000000007215630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e0bfb88df04dfb2021-12-23 11:54:53.443root 11241100x80000000000000007215631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a1329f702fb9fb2021-12-23 11:54:53.444root 11241100x80000000000000007215632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bba42ab7d1519d2021-12-23 11:54:53.943root 11241100x80000000000000007215633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2f13cf31f512182021-12-23 11:54:53.943root 11241100x80000000000000007215634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892384d8a0bd3dc82021-12-23 11:54:53.943root 11241100x80000000000000007215635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7db30b5a9208fb52021-12-23 11:54:53.943root 11241100x80000000000000007215636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eeee9b4a45096a42021-12-23 11:54:53.943root 11241100x80000000000000007215637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f278560bfcee6c42021-12-23 11:54:53.944root 11241100x80000000000000007215638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c52641f489acd192021-12-23 11:54:53.944root 11241100x80000000000000007215639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7eadc6f7247bbf2021-12-23 11:54:53.944root 11241100x80000000000000007215640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fb4770ab4097c72021-12-23 11:54:53.944root 11241100x80000000000000007215641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd9752679175af62021-12-23 11:54:53.944root 11241100x80000000000000007215642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2448d09cf22aff702021-12-23 11:54:53.944root 11241100x80000000000000007215643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef37ff9a8d5403352021-12-23 11:54:53.944root 11241100x80000000000000007215644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6d27a340a653f12021-12-23 11:54:54.443root 11241100x80000000000000007215645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7ba366726407862021-12-23 11:54:54.443root 11241100x80000000000000007215646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8947ffdba7ce4092021-12-23 11:54:54.443root 11241100x80000000000000007215647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98deb77c1993f1972021-12-23 11:54:54.443root 11241100x80000000000000007215648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654d12e578bbb7222021-12-23 11:54:54.444root 11241100x80000000000000007215649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14966fedb1019e942021-12-23 11:54:54.444root 11241100x80000000000000007215650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a063170cf724da2021-12-23 11:54:54.444root 11241100x80000000000000007215651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fccf20a235978cc2021-12-23 11:54:54.444root 11241100x80000000000000007215652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a98d7df51eb04062021-12-23 11:54:54.445root 11241100x80000000000000007215653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7795de5f23ffd012021-12-23 11:54:54.445root 11241100x80000000000000007215654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebca0086b7cdbd42021-12-23 11:54:54.445root 11241100x80000000000000007215655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc0957c20456f5c2021-12-23 11:54:54.445root 11241100x80000000000000007215656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f62298bc8f11632021-12-23 11:54:54.942root 11241100x80000000000000007215657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d572e406fd1eba72021-12-23 11:54:54.943root 11241100x80000000000000007215658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dba29778e63ab1f2021-12-23 11:54:54.943root 11241100x80000000000000007215659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fe8291b93039352021-12-23 11:54:54.943root 11241100x80000000000000007215660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4734bbfb7d06ed552021-12-23 11:54:54.944root 11241100x80000000000000007215661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d316ff550f344dfb2021-12-23 11:54:54.944root 11241100x80000000000000007215662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af01537787ab2f82021-12-23 11:54:54.944root 11241100x80000000000000007215663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45778a0fb7051d42021-12-23 11:54:54.944root 11241100x80000000000000007215664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4c1551492bf1952021-12-23 11:54:54.945root 11241100x80000000000000007215665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b5e11a09a303c12021-12-23 11:54:54.945root 11241100x80000000000000007215666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7eb6e2e6c469612021-12-23 11:54:54.945root 11241100x80000000000000007215667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba134f2143e9ad1e2021-12-23 11:54:54.945root 354300x80000000000000007215668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.115{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33840-false10.0.1.12-8000- 11241100x80000000000000007215669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299eac527fbf41fb2021-12-23 11:54:55.443root 11241100x80000000000000007215670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab6ce0281def7482021-12-23 11:54:55.443root 11241100x80000000000000007215671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bc0526c4d431ee2021-12-23 11:54:55.444root 11241100x80000000000000007215672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e70a0bea2d93652021-12-23 11:54:55.444root 11241100x80000000000000007215673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1eb0a93620724c22021-12-23 11:54:55.444root 11241100x80000000000000007215674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033d77efcc5a1e0e2021-12-23 11:54:55.444root 11241100x80000000000000007215675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7021669c75e2e1b2021-12-23 11:54:55.445root 11241100x80000000000000007215676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290a596d62b7ffd02021-12-23 11:54:55.445root 11241100x80000000000000007215677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141aff5d9bd5254c2021-12-23 11:54:55.445root 11241100x80000000000000007215678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381d83ac91c414be2021-12-23 11:54:55.445root 11241100x80000000000000007215679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9659248e362eeacf2021-12-23 11:54:55.445root 11241100x80000000000000007215680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3466d34986c9f8ca2021-12-23 11:54:55.445root 11241100x80000000000000007215681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856709f89122f00f2021-12-23 11:54:55.445root 11241100x80000000000000007215682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6359cfe1594f22382021-12-23 11:54:55.943root 11241100x80000000000000007215683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5501f7b0ed8ab902021-12-23 11:54:55.943root 11241100x80000000000000007215684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f08ebadfe814a542021-12-23 11:54:55.943root 11241100x80000000000000007215685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96907474d70a3562021-12-23 11:54:55.943root 11241100x80000000000000007215686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97092fb5b54da1132021-12-23 11:54:55.943root 11241100x80000000000000007215687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfa1e7abf77de282021-12-23 11:54:55.943root 11241100x80000000000000007215688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e423b76dc5959fb42021-12-23 11:54:55.943root 11241100x80000000000000007215689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422004f7144fb9202021-12-23 11:54:55.944root 11241100x80000000000000007215690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73916d2e3cf89d202021-12-23 11:54:55.944root 11241100x80000000000000007215691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99114f718e0e3762021-12-23 11:54:55.944root 11241100x80000000000000007215692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d5c55df7891fd82021-12-23 11:54:55.944root 11241100x80000000000000007215693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c9da5cdd8c7eea2021-12-23 11:54:55.944root 11241100x80000000000000007215694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e42789750e5a742021-12-23 11:54:55.944root 11241100x80000000000000007215695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9fb1d3999e49ae2021-12-23 11:54:56.443root 11241100x80000000000000007215696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1820f546ae7c6db32021-12-23 11:54:56.443root 11241100x80000000000000007215697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ec8a3567081ba12021-12-23 11:54:56.443root 11241100x80000000000000007215698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546aac5eadeaa2872021-12-23 11:54:56.443root 11241100x80000000000000007215699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b362d2d8cdcf8b02021-12-23 11:54:56.444root 11241100x80000000000000007215700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c529de93f2a95932021-12-23 11:54:56.444root 11241100x80000000000000007215701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f927be41d6ee87dd2021-12-23 11:54:56.444root 11241100x80000000000000007215702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df0092dddebcfe72021-12-23 11:54:56.444root 11241100x80000000000000007215703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad10b90dc198f0df2021-12-23 11:54:56.444root 11241100x80000000000000007215704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0397358d2293bbac2021-12-23 11:54:56.444root 11241100x80000000000000007215705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e19a291f74b5582021-12-23 11:54:56.444root 11241100x80000000000000007215706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26771adae902118f2021-12-23 11:54:56.444root 11241100x80000000000000007215707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac231d028207cec2021-12-23 11:54:56.444root 11241100x80000000000000007215708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72663e98d407f3a92021-12-23 11:54:56.942root 11241100x80000000000000007215709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1814906876ff45292021-12-23 11:54:56.943root 11241100x80000000000000007215710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2256d514b873c9da2021-12-23 11:54:56.943root 11241100x80000000000000007215711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d64a04e368d0da2021-12-23 11:54:56.943root 11241100x80000000000000007215712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd08050e3a7ebe272021-12-23 11:54:56.944root 11241100x80000000000000007215713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4d9249202421632021-12-23 11:54:56.944root 11241100x80000000000000007215714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960d826f17a7055b2021-12-23 11:54:56.944root 11241100x80000000000000007215715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3dbdca78ac287962021-12-23 11:54:56.944root 11241100x80000000000000007215716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b0fb47007777572021-12-23 11:54:56.944root 11241100x80000000000000007215717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265091dcae6488ee2021-12-23 11:54:56.944root 11241100x80000000000000007215718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30841840dc95bcf92021-12-23 11:54:56.944root 11241100x80000000000000007215719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8b548aae72210f2021-12-23 11:54:56.944root 11241100x80000000000000007215720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08e06efeda154192021-12-23 11:54:56.945root 11241100x80000000000000007215721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec98d4ffe7049ff12021-12-23 11:54:57.443root 11241100x80000000000000007215722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f6e81d7efb432a2021-12-23 11:54:57.443root 11241100x80000000000000007215723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68bba52f73706c12021-12-23 11:54:57.443root 11241100x80000000000000007215724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078314833e0ee4c62021-12-23 11:54:57.443root 11241100x80000000000000007215725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d3159a6cac9ca32021-12-23 11:54:57.443root 11241100x80000000000000007215726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747e7e93a37bce182021-12-23 11:54:57.443root 11241100x80000000000000007215727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed722cae6b0b6df2021-12-23 11:54:57.443root 11241100x80000000000000007215728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83322bc89b1105222021-12-23 11:54:57.444root 11241100x80000000000000007215729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025e5c7f1d4dc0282021-12-23 11:54:57.444root 11241100x80000000000000007215730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b41f1f67521cf1a2021-12-23 11:54:57.444root 11241100x80000000000000007215731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f26fc69e9702d62021-12-23 11:54:57.444root 11241100x80000000000000007215732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6116b2c036b920b42021-12-23 11:54:57.444root 11241100x80000000000000007215733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076d51d1aa1eb1c12021-12-23 11:54:57.444root 11241100x80000000000000007215734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b776903b29b812482021-12-23 11:54:57.943root 11241100x80000000000000007215735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0774053e0f5f4f2a2021-12-23 11:54:57.943root 11241100x80000000000000007215736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72decf2ab5d0f6732021-12-23 11:54:57.943root 11241100x80000000000000007215737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ef5e11d8b0c7982021-12-23 11:54:57.943root 11241100x80000000000000007215738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8cff72a9e8c1852021-12-23 11:54:57.943root 11241100x80000000000000007215739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb15083a26315062021-12-23 11:54:57.943root 11241100x80000000000000007215740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c43f827233af9fe2021-12-23 11:54:57.943root 11241100x80000000000000007215741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371e8a62037885452021-12-23 11:54:57.944root 11241100x80000000000000007215742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e386782d0968c2d12021-12-23 11:54:57.944root 11241100x80000000000000007215743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2398722f5d47ae82021-12-23 11:54:57.944root 11241100x80000000000000007215744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5a12b7960c6a082021-12-23 11:54:57.944root 11241100x80000000000000007215745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce302d32ffd93232021-12-23 11:54:57.944root 11241100x80000000000000007215746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f831466eac1d7102021-12-23 11:54:57.944root 11241100x80000000000000007215747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91f1cd0cf7791c22021-12-23 11:54:58.443root 11241100x80000000000000007215748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2f29d6639b60562021-12-23 11:54:58.443root 11241100x80000000000000007215749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a93f951b0171832021-12-23 11:54:58.443root 11241100x80000000000000007215750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abdbf76e59ce7fa2021-12-23 11:54:58.443root 11241100x80000000000000007215751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd6b05f2dd927bf2021-12-23 11:54:58.443root 11241100x80000000000000007215752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ef7569225795292021-12-23 11:54:58.443root 11241100x80000000000000007215753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ae8e99fc587d7f2021-12-23 11:54:58.443root 11241100x80000000000000007215754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a546d8ec469ec88a2021-12-23 11:54:58.443root 11241100x80000000000000007215755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e216da6681ce57702021-12-23 11:54:58.443root 11241100x80000000000000007215756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237b7e5ba20ccf132021-12-23 11:54:58.444root 11241100x80000000000000007215757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a34d6ac386e89e82021-12-23 11:54:58.444root 11241100x80000000000000007215758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a607ff6591100362021-12-23 11:54:58.444root 11241100x80000000000000007215759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65284204c47360852021-12-23 11:54:58.444root 11241100x80000000000000007215760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9831075c9f131f332021-12-23 11:54:58.943root 11241100x80000000000000007215761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11305b8fd00168762021-12-23 11:54:58.943root 11241100x80000000000000007215762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f9be93ac801ca32021-12-23 11:54:58.944root 11241100x80000000000000007215763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adfbe20421cd37a2021-12-23 11:54:58.944root 11241100x80000000000000007215764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d1cb5ab7c653f42021-12-23 11:54:58.944root 11241100x80000000000000007215765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26aabee56271002e2021-12-23 11:54:58.944root 11241100x80000000000000007215766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92df2fa1b93d15f2021-12-23 11:54:58.945root 11241100x80000000000000007215767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a792c55f29bf1e2021-12-23 11:54:58.945root 11241100x80000000000000007215768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659e1fc7d6c5ef162021-12-23 11:54:58.945root 11241100x80000000000000007215769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05902cd17021f3f52021-12-23 11:54:58.945root 11241100x80000000000000007215770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2ba9bcc0dfe6f22021-12-23 11:54:58.946root 11241100x80000000000000007215771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1306496c1fd189912021-12-23 11:54:58.946root 11241100x80000000000000007215772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c99c8bfa48195292021-12-23 11:54:58.946root 11241100x80000000000000007215773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b222bf009bafc3a22021-12-23 11:54:59.443root 11241100x80000000000000007215774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75986126c082f3b72021-12-23 11:54:59.443root 11241100x80000000000000007215775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3ae075b11c112a2021-12-23 11:54:59.443root 11241100x80000000000000007215776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8157aeaeedc12b802021-12-23 11:54:59.443root 11241100x80000000000000007215777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307947e2b18d9e7c2021-12-23 11:54:59.443root 11241100x80000000000000007215778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95148ab1dfb67c6d2021-12-23 11:54:59.444root 11241100x80000000000000007215779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d76cd8bc1c032032021-12-23 11:54:59.444root 11241100x80000000000000007215780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72d8673d1e0ec052021-12-23 11:54:59.444root 11241100x80000000000000007215781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ace47c6baf763712021-12-23 11:54:59.444root 11241100x80000000000000007215782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297d3035566b47ff2021-12-23 11:54:59.444root 11241100x80000000000000007215783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9571c34a4cfc59d2021-12-23 11:54:59.444root 11241100x80000000000000007215784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ca2a39169c95642021-12-23 11:54:59.444root 11241100x80000000000000007215785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7e1005bc79a4c32021-12-23 11:54:59.444root 11241100x80000000000000007215786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c84fd0f12f143e2021-12-23 11:54:59.943root 11241100x80000000000000007215787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6e81a8e139ece32021-12-23 11:54:59.943root 11241100x80000000000000007215788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b25140ffbd816612021-12-23 11:54:59.943root 11241100x80000000000000007215789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b75fa6b4ea9be72021-12-23 11:54:59.943root 11241100x80000000000000007215790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae8aa093de840692021-12-23 11:54:59.943root 11241100x80000000000000007215791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55681119e5a1bf782021-12-23 11:54:59.943root 11241100x80000000000000007215792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470e4b53cb97b15e2021-12-23 11:54:59.944root 11241100x80000000000000007215793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6edf367fcb27d6b2021-12-23 11:54:59.944root 11241100x80000000000000007215794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7e3c9abe5cb3b32021-12-23 11:54:59.944root 11241100x80000000000000007215795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e72dc404061d15c2021-12-23 11:54:59.944root 11241100x80000000000000007215796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45927767ae8943902021-12-23 11:54:59.944root 11241100x80000000000000007215797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fb13c8b62504f72021-12-23 11:54:59.944root 11241100x80000000000000007215798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:54:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d2ba24936cc7002021-12-23 11:54:59.944root 11241100x80000000000000007215799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-23 11:55:00.142root 354300x80000000000000007215800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.210{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33842-false10.0.1.12-8000- 11241100x80000000000000007215801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e033d684383eb5262021-12-23 11:55:00.211root 11241100x80000000000000007215802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13879dce1b19c2b52021-12-23 11:55:00.211root 11241100x80000000000000007215803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40eeeff86bd7ce32021-12-23 11:55:00.211root 11241100x80000000000000007215804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3246118260bfb73a2021-12-23 11:55:00.211root 11241100x80000000000000007215805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7ce2f419f485852021-12-23 11:55:00.211root 11241100x80000000000000007215806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f27934072c669152021-12-23 11:55:00.211root 11241100x80000000000000007215807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bbc40134857f1e2021-12-23 11:55:00.211root 11241100x80000000000000007215808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec4e4fda3ff4e612021-12-23 11:55:00.211root 11241100x80000000000000007215809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b4a6b952aea7622021-12-23 11:55:00.211root 11241100x80000000000000007215810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b906a1a7c170ffcb2021-12-23 11:55:00.211root 11241100x80000000000000007215811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd03da61eb25dc82021-12-23 11:55:00.211root 11241100x80000000000000007215812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfc5eb0ade6b6732021-12-23 11:55:00.212root 11241100x80000000000000007215813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea251713496612212021-12-23 11:55:00.212root 11241100x80000000000000007215814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1724621c2b9bde2021-12-23 11:55:00.212root 11241100x80000000000000007215815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb2bb1f3f6417a62021-12-23 11:55:00.212root 11241100x80000000000000007215816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898bd20cc24d2a822021-12-23 11:55:00.693root 11241100x80000000000000007215817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e489bd29d7768e252021-12-23 11:55:00.693root 11241100x80000000000000007215818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4ad7a52be726ab2021-12-23 11:55:00.694root 11241100x80000000000000007215819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa2d773cca9d2fc2021-12-23 11:55:00.694root 11241100x80000000000000007215820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341a23799f566b522021-12-23 11:55:00.694root 11241100x80000000000000007215821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2984b878a89b6572021-12-23 11:55:00.694root 11241100x80000000000000007215822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783064dea6a2af4d2021-12-23 11:55:00.695root 11241100x80000000000000007215823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f682e500edf12b2021-12-23 11:55:00.695root 11241100x80000000000000007215824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6178a31b9b9933f32021-12-23 11:55:00.695root 11241100x80000000000000007215825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def8b19ebbf3e7752021-12-23 11:55:00.695root 11241100x80000000000000007215826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfd0a486f6e6c952021-12-23 11:55:00.695root 11241100x80000000000000007215827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2daeae1a9a0dfe8d2021-12-23 11:55:00.696root 11241100x80000000000000007215828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a3bbc8b4c2518b2021-12-23 11:55:00.696root 11241100x80000000000000007215829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ec04bb8a1c67ac2021-12-23 11:55:00.696root 11241100x80000000000000007215830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219b2a61e803140f2021-12-23 11:55:00.696root 11241100x80000000000000007215831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ad406294a01ba62021-12-23 11:55:01.193root 11241100x80000000000000007215832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3ec615e0eba2f52021-12-23 11:55:01.193root 11241100x80000000000000007215833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71d5766f37f1ff02021-12-23 11:55:01.193root 11241100x80000000000000007215834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d6b8284ae832b82021-12-23 11:55:01.193root 11241100x80000000000000007215835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9170601bf920d0d42021-12-23 11:55:01.195root 11241100x80000000000000007215836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2c09ae425d14d32021-12-23 11:55:01.195root 11241100x80000000000000007215837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f42bae8eebb17f2021-12-23 11:55:01.195root 11241100x80000000000000007215838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd158c75d3d2078c2021-12-23 11:55:01.195root 11241100x80000000000000007215839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc59a0bc07be4fd2021-12-23 11:55:01.195root 11241100x80000000000000007215840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb616c52233a5132021-12-23 11:55:01.195root 11241100x80000000000000007215841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983cff3caf3408952021-12-23 11:55:01.195root 11241100x80000000000000007215842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d99fc9e3405eaf82021-12-23 11:55:01.196root 11241100x80000000000000007215843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9f313e8c8fd60a2021-12-23 11:55:01.196root 11241100x80000000000000007215844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8516f51c2a633192021-12-23 11:55:01.196root 11241100x80000000000000007215845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4be15799520c4812021-12-23 11:55:01.196root 11241100x80000000000000007215846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3361eebeafa08702021-12-23 11:55:01.693root 11241100x80000000000000007215847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f1e5e5877149102021-12-23 11:55:01.693root 11241100x80000000000000007215848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c3afacd009645d2021-12-23 11:55:01.693root 11241100x80000000000000007215849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e05dd4efdb63cd2021-12-23 11:55:01.693root 11241100x80000000000000007215850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f18d0d2f3d605e2021-12-23 11:55:01.693root 11241100x80000000000000007215851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9452e11df4beb32021-12-23 11:55:01.693root 11241100x80000000000000007215852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df551edc6335e5912021-12-23 11:55:01.694root 11241100x80000000000000007215853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72d65852c7b7ce92021-12-23 11:55:01.694root 11241100x80000000000000007215854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ff0735f7f6c2a32021-12-23 11:55:01.694root 11241100x80000000000000007215855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4309df5acc7607f82021-12-23 11:55:01.694root 11241100x80000000000000007215856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a717fbbff9a6ef4d2021-12-23 11:55:01.694root 11241100x80000000000000007215857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dc35d0649d567a2021-12-23 11:55:01.694root 11241100x80000000000000007215858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788e243a9c6d87c42021-12-23 11:55:01.694root 11241100x80000000000000007215859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4ae7d18cc1888f2021-12-23 11:55:01.694root 11241100x80000000000000007215860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162348e7ef6193172021-12-23 11:55:01.694root 11241100x80000000000000007215861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a6778b2096bbd32021-12-23 11:55:02.193root 11241100x80000000000000007215862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0462228bd49903632021-12-23 11:55:02.193root 11241100x80000000000000007215863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b86b4aab6f3cab2021-12-23 11:55:02.193root 11241100x80000000000000007215864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a500dee013061c42021-12-23 11:55:02.193root 11241100x80000000000000007215865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280cf8e4f48f369f2021-12-23 11:55:02.193root 11241100x80000000000000007215866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df60da4aae46bf0f2021-12-23 11:55:02.194root 11241100x80000000000000007215867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a225869074db9c472021-12-23 11:55:02.194root 11241100x80000000000000007215868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b8f485e40bc5032021-12-23 11:55:02.194root 11241100x80000000000000007215869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622b8543deb1ed752021-12-23 11:55:02.194root 11241100x80000000000000007215870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7a51bec8b118e22021-12-23 11:55:02.194root 11241100x80000000000000007215871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d84923de13a2d982021-12-23 11:55:02.194root 11241100x80000000000000007215872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160de5fe7a5376862021-12-23 11:55:02.194root 11241100x80000000000000007215873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ce881c65cdc2a72021-12-23 11:55:02.194root 11241100x80000000000000007215874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068e5240e5a7635e2021-12-23 11:55:02.194root 11241100x80000000000000007215875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b92aff761a6a2b92021-12-23 11:55:02.194root 11241100x80000000000000007215876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af3c85f836ee0402021-12-23 11:55:02.693root 11241100x80000000000000007215877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5e8e620285e0af2021-12-23 11:55:02.693root 11241100x80000000000000007215878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc8960960adba1f2021-12-23 11:55:02.693root 11241100x80000000000000007215879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3556f90f4f8882812021-12-23 11:55:02.693root 11241100x80000000000000007215880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64061988264846942021-12-23 11:55:02.693root 11241100x80000000000000007215881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145b66ad861287ae2021-12-23 11:55:02.693root 11241100x80000000000000007215882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e654f4c36138752021-12-23 11:55:02.694root 11241100x80000000000000007215883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765374d92587f9c92021-12-23 11:55:02.694root 11241100x80000000000000007215884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca9c702d858dac12021-12-23 11:55:02.694root 11241100x80000000000000007215885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380fcc4d4fb18b282021-12-23 11:55:02.694root 11241100x80000000000000007215886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2358e9e2c754e42021-12-23 11:55:02.694root 11241100x80000000000000007215887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d513bbb41a600e2021-12-23 11:55:02.694root 11241100x80000000000000007215888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42af512eab1494fd2021-12-23 11:55:02.694root 11241100x80000000000000007215889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38606e8e73d5b2e12021-12-23 11:55:02.695root 11241100x80000000000000007215890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca07963d21176192021-12-23 11:55:02.695root 23542300x80000000000000007215891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000007215892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f27c2e50ad961952021-12-23 11:55:03.144root 11241100x80000000000000007215893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89ff7b1ed9968f92021-12-23 11:55:03.144root 11241100x80000000000000007215894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc101266490efaef2021-12-23 11:55:03.144root 11241100x80000000000000007215895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d74ac21484b92d62021-12-23 11:55:03.145root 11241100x80000000000000007215896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09ab6e3e08bd1342021-12-23 11:55:03.145root 11241100x80000000000000007215897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e11161e28075ead2021-12-23 11:55:03.145root 11241100x80000000000000007215898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965bf9fff5a4a1732021-12-23 11:55:03.145root 11241100x80000000000000007215899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cd4571ceb48b192021-12-23 11:55:03.145root 11241100x80000000000000007215900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7574bc2992030bd2021-12-23 11:55:03.145root 11241100x80000000000000007215901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53bab6cd91b99662021-12-23 11:55:03.145root 11241100x80000000000000007215902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be33455580b3b25b2021-12-23 11:55:03.145root 11241100x80000000000000007215903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e6d1b328fa6e412021-12-23 11:55:03.145root 11241100x80000000000000007215904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8efe2554685a342021-12-23 11:55:03.145root 11241100x80000000000000007215905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113f012b9bcb727c2021-12-23 11:55:03.145root 11241100x80000000000000007215906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e1a4180c6a860f2021-12-23 11:55:03.146root 11241100x80000000000000007215907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8a2189493809442021-12-23 11:55:03.146root 11241100x80000000000000007215908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507b1e5ae67652372021-12-23 11:55:03.443root 11241100x80000000000000007215909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fce0b8d3d7ff462021-12-23 11:55:03.443root 11241100x80000000000000007215910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0721fd7f10b5cd82021-12-23 11:55:03.443root 11241100x80000000000000007215911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb6e85c89100cc92021-12-23 11:55:03.444root 11241100x80000000000000007215912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f597ea23fbbce7ac2021-12-23 11:55:03.444root 11241100x80000000000000007215913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964c935d608634b72021-12-23 11:55:03.444root 11241100x80000000000000007215914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8612c516fdfa58102021-12-23 11:55:03.444root 11241100x80000000000000007215915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6519c72408913bf2021-12-23 11:55:03.444root 11241100x80000000000000007215916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdae5d3cd2a59e3c2021-12-23 11:55:03.444root 11241100x80000000000000007215917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440e3d130796cf902021-12-23 11:55:03.445root 11241100x80000000000000007215918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508424adfe55593f2021-12-23 11:55:03.445root 11241100x80000000000000007215919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f15e85502e50c52021-12-23 11:55:03.445root 11241100x80000000000000007215920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285c56636a6d8dbc2021-12-23 11:55:03.445root 11241100x80000000000000007215921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2c51579b746dea2021-12-23 11:55:03.445root 11241100x80000000000000007215922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e8fdd2d702d1332021-12-23 11:55:03.446root 11241100x80000000000000007215923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8b711c3c6516ad2021-12-23 11:55:03.446root 11241100x80000000000000007215924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605febd08edd12b52021-12-23 11:55:03.943root 11241100x80000000000000007215925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a994ca613252ba2021-12-23 11:55:03.943root 11241100x80000000000000007215926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fc145ca727949e2021-12-23 11:55:03.944root 11241100x80000000000000007215927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a259bb14ed2aa12021-12-23 11:55:03.944root 11241100x80000000000000007215928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2ea6d514f5f4382021-12-23 11:55:03.944root 11241100x80000000000000007215929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2f5b2511089b4c2021-12-23 11:55:03.945root 11241100x80000000000000007215930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e96e7991d0c18de2021-12-23 11:55:03.945root 11241100x80000000000000007215931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429967f7b454d3902021-12-23 11:55:03.945root 11241100x80000000000000007215932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414ac49eca4af7052021-12-23 11:55:03.945root 11241100x80000000000000007215933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4287ac7d4841f31a2021-12-23 11:55:03.946root 11241100x80000000000000007215934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2e538106845ece2021-12-23 11:55:03.946root 11241100x80000000000000007215935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fed1d468cba32de2021-12-23 11:55:03.946root 11241100x80000000000000007215936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88bc7e7e5b1b9782021-12-23 11:55:03.946root 11241100x80000000000000007215937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa47e25efbd6fa62021-12-23 11:55:03.946root 11241100x80000000000000007215938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80826117b1a378232021-12-23 11:55:03.947root 11241100x80000000000000007215939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242308038b9e668b2021-12-23 11:55:03.947root 11241100x80000000000000007215940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd5db1b6a20862b2021-12-23 11:55:04.443root 11241100x80000000000000007215941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67094b034122a16a2021-12-23 11:55:04.443root 11241100x80000000000000007215942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adec9c481d65cf62021-12-23 11:55:04.443root 11241100x80000000000000007215943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9172fbdc7663cde62021-12-23 11:55:04.443root 11241100x80000000000000007215944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c339b1c331437e32021-12-23 11:55:04.444root 11241100x80000000000000007215945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0d2daea064d0d52021-12-23 11:55:04.444root 11241100x80000000000000007215946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ea7260d61d48252021-12-23 11:55:04.444root 11241100x80000000000000007215947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2b583850e4781a2021-12-23 11:55:04.444root 11241100x80000000000000007215948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9201b7fbae5f22e92021-12-23 11:55:04.444root 11241100x80000000000000007215949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaa79a6c96c10d32021-12-23 11:55:04.444root 11241100x80000000000000007215950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f760722d51c62e42021-12-23 11:55:04.445root 11241100x80000000000000007215951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f48550aee28a472021-12-23 11:55:04.445root 11241100x80000000000000007215952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d23c34aea3e4d852021-12-23 11:55:04.445root 11241100x80000000000000007215953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5d4c94deaf35df2021-12-23 11:55:04.445root 11241100x80000000000000007215954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc265a4e082d02382021-12-23 11:55:04.445root 11241100x80000000000000007215955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d2454c6f0a19d02021-12-23 11:55:04.445root 11241100x80000000000000007215956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8047b97606514292021-12-23 11:55:04.943root 11241100x80000000000000007215957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3edf784cc9b35be2021-12-23 11:55:04.943root 11241100x80000000000000007215958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca6bd9797194e292021-12-23 11:55:04.943root 11241100x80000000000000007215959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd09a8906524d6902021-12-23 11:55:04.943root 11241100x80000000000000007215960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75121c78a89e45d22021-12-23 11:55:04.944root 11241100x80000000000000007215961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea4f66323d18d032021-12-23 11:55:04.944root 11241100x80000000000000007215962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757799c16ca87a812021-12-23 11:55:04.944root 11241100x80000000000000007215963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9badc0ab5f8dfb842021-12-23 11:55:04.944root 11241100x80000000000000007215964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade3bfff64768ced2021-12-23 11:55:04.944root 11241100x80000000000000007215965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85389e58ad9a504f2021-12-23 11:55:04.944root 11241100x80000000000000007215966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d1878a1d4c09542021-12-23 11:55:04.944root 11241100x80000000000000007215967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39462deac627dd3c2021-12-23 11:55:04.944root 11241100x80000000000000007215968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10de7f4d923ae1b2021-12-23 11:55:04.944root 11241100x80000000000000007215969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab79d0d8f3a4fb312021-12-23 11:55:04.944root 11241100x80000000000000007215970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200f8aca9862c62a2021-12-23 11:55:04.944root 11241100x80000000000000007215971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9683bc3f94c2392021-12-23 11:55:04.944root 11241100x80000000000000007215972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c50bf60a4412e22021-12-23 11:55:05.443root 11241100x80000000000000007215973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5132aaa44c5df2ba2021-12-23 11:55:05.443root 11241100x80000000000000007215974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c68a149df6ea3ee2021-12-23 11:55:05.444root 11241100x80000000000000007215975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b2da6d20c7bcc72021-12-23 11:55:05.444root 11241100x80000000000000007215976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae4839efa22f68b2021-12-23 11:55:05.444root 11241100x80000000000000007215977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fcb3a4c2c559f92021-12-23 11:55:05.444root 11241100x80000000000000007215978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3430c40b84c1ae8c2021-12-23 11:55:05.445root 11241100x80000000000000007215979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20dc1631cd5f51b2021-12-23 11:55:05.445root 11241100x80000000000000007215980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74a008c1711ea1c2021-12-23 11:55:05.445root 11241100x80000000000000007215981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4918ab0b5131ac7c2021-12-23 11:55:05.445root 11241100x80000000000000007215982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737656d0436e55692021-12-23 11:55:05.445root 11241100x80000000000000007215983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f76967fb15e8322021-12-23 11:55:05.445root 11241100x80000000000000007215984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4293104efcd5c7a62021-12-23 11:55:05.445root 11241100x80000000000000007215985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e99badb610cc6282021-12-23 11:55:05.446root 11241100x80000000000000007215986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c205db21070ec52021-12-23 11:55:05.446root 11241100x80000000000000007215987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11346ec0793915d52021-12-23 11:55:05.446root 11241100x80000000000000007215988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee14fc3aadd99252021-12-23 11:55:05.943root 11241100x80000000000000007215989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e0fee83610a2b82021-12-23 11:55:05.944root 11241100x80000000000000007215990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18e181c07a67c832021-12-23 11:55:05.944root 11241100x80000000000000007215991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220442264900375f2021-12-23 11:55:05.944root 11241100x80000000000000007215992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7739c20c73c319f52021-12-23 11:55:05.944root 11241100x80000000000000007215993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c353deb895cbd7692021-12-23 11:55:05.945root 11241100x80000000000000007215994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd23681e0f6dd63b2021-12-23 11:55:05.946root 11241100x80000000000000007215995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462714b4a82c342e2021-12-23 11:55:05.947root 11241100x80000000000000007215996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da7361c554fb48a2021-12-23 11:55:05.948root 11241100x80000000000000007215997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402c65e259552dcb2021-12-23 11:55:05.948root 11241100x80000000000000007215998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0806ae80d7ea6bf32021-12-23 11:55:05.949root 11241100x80000000000000007215999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3337397238d667152021-12-23 11:55:05.949root 11241100x80000000000000007216000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2448b1b2acfb0eb2021-12-23 11:55:05.949root 11241100x80000000000000007216001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7b16b9439c59ea2021-12-23 11:55:05.949root 11241100x80000000000000007216002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3954aaa365d7ad612021-12-23 11:55:05.950root 11241100x80000000000000007216003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa11d25b4da979b42021-12-23 11:55:05.950root 354300x80000000000000007216004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.048{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33844-false10.0.1.12-8000- 11241100x80000000000000007216005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c371ce2979bacd2021-12-23 11:55:06.443root 11241100x80000000000000007216006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cde6ae553198882021-12-23 11:55:06.443root 11241100x80000000000000007216007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc555aecea753882021-12-23 11:55:06.443root 11241100x80000000000000007216008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a35e4511a510a532021-12-23 11:55:06.443root 11241100x80000000000000007216009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7378ca601024d87a2021-12-23 11:55:06.443root 11241100x80000000000000007216010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57876bac70269ad62021-12-23 11:55:06.443root 11241100x80000000000000007216011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8852e59bb706a832021-12-23 11:55:06.443root 11241100x80000000000000007216012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e25f2b88fb4d532021-12-23 11:55:06.443root 11241100x80000000000000007216013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b566c221227eb02021-12-23 11:55:06.443root 11241100x80000000000000007216014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcb159f4551f4572021-12-23 11:55:06.444root 11241100x80000000000000007216015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3cc7194c6d42ce2021-12-23 11:55:06.444root 11241100x80000000000000007216016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164a8aaf70b05e362021-12-23 11:55:06.444root 11241100x80000000000000007216017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08917a1a423ac962021-12-23 11:55:06.444root 11241100x80000000000000007216018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ab5fcb69d896392021-12-23 11:55:06.444root 11241100x80000000000000007216019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af4c4dc89b7ebe42021-12-23 11:55:06.444root 11241100x80000000000000007216020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b880589185a42ab2021-12-23 11:55:06.444root 11241100x80000000000000007216021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a514d7d468f7a1c22021-12-23 11:55:06.444root 11241100x80000000000000007216022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fd325b243cb92c2021-12-23 11:55:06.943root 11241100x80000000000000007216023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97015d290b12c8e42021-12-23 11:55:06.943root 11241100x80000000000000007216024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b13117834517762021-12-23 11:55:06.943root 11241100x80000000000000007216025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96fa1a4dd9f55e52021-12-23 11:55:06.944root 11241100x80000000000000007216026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d95db87bfaec532021-12-23 11:55:06.944root 11241100x80000000000000007216027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9036ee3c0c41192021-12-23 11:55:06.944root 11241100x80000000000000007216028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c9943b9b1e701c2021-12-23 11:55:06.944root 11241100x80000000000000007216029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467d75af4b3df8e32021-12-23 11:55:06.944root 11241100x80000000000000007216030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086f3faebeb8c5292021-12-23 11:55:06.944root 11241100x80000000000000007216031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a043ed7ab68d6a12021-12-23 11:55:06.944root 11241100x80000000000000007216032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a417412c6cb96d672021-12-23 11:55:06.944root 11241100x80000000000000007216033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4140f851f48eea0f2021-12-23 11:55:06.945root 11241100x80000000000000007216034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d3c4a677c5f6e22021-12-23 11:55:06.945root 11241100x80000000000000007216035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118333402aee26712021-12-23 11:55:06.945root 11241100x80000000000000007216036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5520a4f6644b9a2021-12-23 11:55:06.945root 11241100x80000000000000007216037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2ff2f8c0ed28ce2021-12-23 11:55:06.945root 11241100x80000000000000007216038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7853ad1bc37b93be2021-12-23 11:55:06.945root 11241100x80000000000000007216039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386a13a74be6b7de2021-12-23 11:55:07.443root 11241100x80000000000000007216040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32969f41d99903db2021-12-23 11:55:07.443root 11241100x80000000000000007216041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe48b4bf54e33a8d2021-12-23 11:55:07.444root 11241100x80000000000000007216042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57e9fd0df4e97352021-12-23 11:55:07.444root 11241100x80000000000000007216043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51732f47cac22b782021-12-23 11:55:07.444root 11241100x80000000000000007216044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6a15e0f307444a2021-12-23 11:55:07.444root 11241100x80000000000000007216045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4dd18dd70cf2132021-12-23 11:55:07.444root 11241100x80000000000000007216046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e3874b5291af4f2021-12-23 11:55:07.444root 11241100x80000000000000007216047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208fccda24fd1b952021-12-23 11:55:07.444root 11241100x80000000000000007216048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f65681056382a862021-12-23 11:55:07.444root 11241100x80000000000000007216049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0320d1ac79e3fbfd2021-12-23 11:55:07.444root 11241100x80000000000000007216050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fea08eae8224a12021-12-23 11:55:07.444root 11241100x80000000000000007216051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d83b7265c49acb52021-12-23 11:55:07.444root 11241100x80000000000000007216052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb581c572b4a2d32021-12-23 11:55:07.444root 11241100x80000000000000007216053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e3a17027d1daf32021-12-23 11:55:07.445root 11241100x80000000000000007216054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4748e48d576b672021-12-23 11:55:07.445root 11241100x80000000000000007216055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dfa3803f49663e2021-12-23 11:55:07.445root 11241100x80000000000000007216056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9020ef94185bd8ef2021-12-23 11:55:07.942root 11241100x80000000000000007216057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047978df8bd8e5372021-12-23 11:55:07.943root 11241100x80000000000000007216058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f4a74a52c2805e2021-12-23 11:55:07.943root 11241100x80000000000000007216059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98fa231655fb36a2021-12-23 11:55:07.943root 11241100x80000000000000007216060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac6bdefb4b4d5d62021-12-23 11:55:07.943root 11241100x80000000000000007216061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acb19e2dd47d4492021-12-23 11:55:07.943root 11241100x80000000000000007216062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250e712269e906402021-12-23 11:55:07.943root 11241100x80000000000000007216063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f240d9216234f0242021-12-23 11:55:07.943root 11241100x80000000000000007216064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e065902dd1c20fe2021-12-23 11:55:07.943root 11241100x80000000000000007216065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5040655a38bf3db42021-12-23 11:55:07.943root 11241100x80000000000000007216066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0158b104420787092021-12-23 11:55:07.943root 11241100x80000000000000007216067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e32d562a98916802021-12-23 11:55:07.944root 11241100x80000000000000007216068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abc3c1d4f78521d2021-12-23 11:55:07.944root 11241100x80000000000000007216069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5d018b5d03d76e2021-12-23 11:55:07.944root 11241100x80000000000000007216070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f08aa9604177d32021-12-23 11:55:07.944root 11241100x80000000000000007216071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2105ef01af318aca2021-12-23 11:55:07.944root 11241100x80000000000000007216072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54fa234272839622021-12-23 11:55:07.944root 11241100x80000000000000007216073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d0f039d77d96b52021-12-23 11:55:08.443root 11241100x80000000000000007216074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e88a998b56186d2021-12-23 11:55:08.443root 11241100x80000000000000007216075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccaad1ec0077712c2021-12-23 11:55:08.443root 11241100x80000000000000007216076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648840b5b30d04242021-12-23 11:55:08.443root 11241100x80000000000000007216077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f5461c97f5d80c2021-12-23 11:55:08.443root 11241100x80000000000000007216078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a225a3243630d5bc2021-12-23 11:55:08.443root 11241100x80000000000000007216079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e23f8ccae94c082021-12-23 11:55:08.443root 11241100x80000000000000007216080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dd6d0d3b2602022021-12-23 11:55:08.443root 11241100x80000000000000007216081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0885bc11e1db8af92021-12-23 11:55:08.443root 11241100x80000000000000007216082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b785cf8c610c28fd2021-12-23 11:55:08.443root 11241100x80000000000000007216083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74c6549a27cc9262021-12-23 11:55:08.443root 11241100x80000000000000007216084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259b5d1ddf3724a52021-12-23 11:55:08.444root 11241100x80000000000000007216085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d87324243dbd122021-12-23 11:55:08.444root 11241100x80000000000000007216086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44632f7cd32dfe982021-12-23 11:55:08.444root 11241100x80000000000000007216087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896d6b770c31f1a62021-12-23 11:55:08.444root 11241100x80000000000000007216088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd228f94dfd20e02021-12-23 11:55:08.444root 11241100x80000000000000007216089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f063daf0b7cfdf2021-12-23 11:55:08.444root 11241100x80000000000000007216090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ac953a44e59a612021-12-23 11:55:08.943root 11241100x80000000000000007216091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ae21bba67cf9252021-12-23 11:55:08.943root 11241100x80000000000000007216092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b671e66ff008298e2021-12-23 11:55:08.943root 11241100x80000000000000007216093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020c7e08e29f1c802021-12-23 11:55:08.943root 11241100x80000000000000007216094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3604b0f60b5c2f2021-12-23 11:55:08.943root 11241100x80000000000000007216095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec364ca37059d072021-12-23 11:55:08.943root 11241100x80000000000000007216096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ff6713087994002021-12-23 11:55:08.943root 11241100x80000000000000007216097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20036429a5f686c42021-12-23 11:55:08.943root 11241100x80000000000000007216098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12318ce322c3f85c2021-12-23 11:55:08.944root 11241100x80000000000000007216099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe5a6f9eed7957f2021-12-23 11:55:08.944root 11241100x80000000000000007216100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f163e3f0422713522021-12-23 11:55:08.944root 11241100x80000000000000007216101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d41f2e52a5e3a3d2021-12-23 11:55:08.944root 11241100x80000000000000007216102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc771d80c2a8baa2021-12-23 11:55:08.944root 11241100x80000000000000007216103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6eac8261fdb9a82021-12-23 11:55:08.944root 11241100x80000000000000007216104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8217c97acbfe886f2021-12-23 11:55:08.944root 11241100x80000000000000007216105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc4c3b4bb78ed2e2021-12-23 11:55:08.944root 11241100x80000000000000007216106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2eb4abcbf829e652021-12-23 11:55:08.945root 11241100x80000000000000007216107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defd2116634ed8a12021-12-23 11:55:09.443root 11241100x80000000000000007216108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05b32d6c5e959802021-12-23 11:55:09.443root 11241100x80000000000000007216109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70563fcdad8767a82021-12-23 11:55:09.443root 11241100x80000000000000007216110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3612de6d77ac852021-12-23 11:55:09.443root 11241100x80000000000000007216111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912813aded6c01b22021-12-23 11:55:09.443root 11241100x80000000000000007216112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2404206576ed16e82021-12-23 11:55:09.443root 11241100x80000000000000007216113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5003418fc5c00cb2021-12-23 11:55:09.443root 11241100x80000000000000007216114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e480ccb569348cad2021-12-23 11:55:09.443root 11241100x80000000000000007216115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b98cc50753b2922021-12-23 11:55:09.444root 11241100x80000000000000007216116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fbf1b9ea2dd0552021-12-23 11:55:09.444root 11241100x80000000000000007216117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6e7dd2ea06b1b52021-12-23 11:55:09.444root 11241100x80000000000000007216118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc2400316fd87702021-12-23 11:55:09.444root 11241100x80000000000000007216119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052319e00c8eb4172021-12-23 11:55:09.444root 11241100x80000000000000007216120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ca66e0050e4d932021-12-23 11:55:09.444root 11241100x80000000000000007216121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb39c7f8662a3062021-12-23 11:55:09.444root 11241100x80000000000000007216122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c5401b3226a5662021-12-23 11:55:09.444root 11241100x80000000000000007216123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef28f923e3a62bd2021-12-23 11:55:09.444root 11241100x80000000000000007216124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d06bea58a8a2992021-12-23 11:55:09.943root 11241100x80000000000000007216125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0bd54fb573d15f2021-12-23 11:55:09.943root 11241100x80000000000000007216126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36a881c926389202021-12-23 11:55:09.943root 11241100x80000000000000007216127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48090899f14aaac02021-12-23 11:55:09.943root 11241100x80000000000000007216128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985bfceb94bef2222021-12-23 11:55:09.943root 11241100x80000000000000007216129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfa1ecd7810aaac2021-12-23 11:55:09.943root 11241100x80000000000000007216130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cede9e2702caf52021-12-23 11:55:09.943root 11241100x80000000000000007216131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f8f8578eca82002021-12-23 11:55:09.943root 11241100x80000000000000007216132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e12e93d1c847262021-12-23 11:55:09.943root 11241100x80000000000000007216133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d560a337899afd052021-12-23 11:55:09.943root 11241100x80000000000000007216134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9c4e7bfd281f192021-12-23 11:55:09.943root 11241100x80000000000000007216135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f99a893499cbc142021-12-23 11:55:09.944root 11241100x80000000000000007216136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8928717bd85ebb922021-12-23 11:55:09.944root 11241100x80000000000000007216137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2b9b39d146722b2021-12-23 11:55:09.944root 11241100x80000000000000007216138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc79e38f5c99eba2021-12-23 11:55:09.944root 11241100x80000000000000007216139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0c43c3aa02c89f2021-12-23 11:55:09.944root 11241100x80000000000000007216140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6cdf6cce1c6c3c2021-12-23 11:55:09.944root 11241100x80000000000000007216141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08eff1defeb4d4732021-12-23 11:55:10.443root 11241100x80000000000000007216142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b1e651990451162021-12-23 11:55:10.443root 11241100x80000000000000007216143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56c2cd2bff97e1a2021-12-23 11:55:10.443root 11241100x80000000000000007216144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c476706678c5632c2021-12-23 11:55:10.443root 11241100x80000000000000007216145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33a0c67ba48d45f2021-12-23 11:55:10.443root 11241100x80000000000000007216146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34682cdb34ab52732021-12-23 11:55:10.443root 11241100x80000000000000007216147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2069903f94e4178a2021-12-23 11:55:10.443root 11241100x80000000000000007216148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750ed754f9b1a8be2021-12-23 11:55:10.443root 11241100x80000000000000007216149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093b18b1d321ec9b2021-12-23 11:55:10.444root 11241100x80000000000000007216150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3006382cd1194d362021-12-23 11:55:10.444root 11241100x80000000000000007216151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71152f0d0fa42a292021-12-23 11:55:10.444root 11241100x80000000000000007216152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d75ef75311a4422021-12-23 11:55:10.444root 11241100x80000000000000007216153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8480aadedcaa3aff2021-12-23 11:55:10.444root 11241100x80000000000000007216154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d8bcb032881a442021-12-23 11:55:10.444root 11241100x80000000000000007216155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5663edecf02c9df32021-12-23 11:55:10.444root 11241100x80000000000000007216156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d5d9f536614db82021-12-23 11:55:10.444root 11241100x80000000000000007216157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09315a674fff66e22021-12-23 11:55:10.444root 11241100x80000000000000007216158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c885fdc5fe773d12021-12-23 11:55:10.445root 11241100x80000000000000007216159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a0d1e6e77254992021-12-23 11:55:10.445root 11241100x80000000000000007216160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1629d0828fc5a1942021-12-23 11:55:10.943root 11241100x80000000000000007216161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139d75b22b1c41522021-12-23 11:55:10.943root 11241100x80000000000000007216162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251c3553ee39e1472021-12-23 11:55:10.943root 11241100x80000000000000007216163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86ea9aea012abdb2021-12-23 11:55:10.943root 11241100x80000000000000007216164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18529cb2ae82aeca2021-12-23 11:55:10.943root 11241100x80000000000000007216165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54006611ef752a212021-12-23 11:55:10.943root 11241100x80000000000000007216166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc16f930ea3869ad2021-12-23 11:55:10.944root 11241100x80000000000000007216167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23268daa02971b9c2021-12-23 11:55:10.944root 11241100x80000000000000007216168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cafcd092a23974c2021-12-23 11:55:10.944root 11241100x80000000000000007216169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fee431a0a04e6072021-12-23 11:55:10.944root 11241100x80000000000000007216170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316bbb7730cae1b22021-12-23 11:55:10.944root 11241100x80000000000000007216171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11faa7e27e293be32021-12-23 11:55:10.945root 11241100x80000000000000007216172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd78925d597a6e42021-12-23 11:55:10.945root 11241100x80000000000000007216173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0edc91d9c3f58c42021-12-23 11:55:10.945root 11241100x80000000000000007216174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccce225be14e60a2021-12-23 11:55:10.945root 11241100x80000000000000007216175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb20848f95e4ed42021-12-23 11:55:10.945root 11241100x80000000000000007216176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89aeb4405159cd8a2021-12-23 11:55:10.945root 354300x80000000000000007216177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.074{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33846-false10.0.1.12-8000- 11241100x80000000000000007216178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbc198c286e98a02021-12-23 11:55:11.443root 11241100x80000000000000007216179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01b72f9eb40d8c62021-12-23 11:55:11.443root 11241100x80000000000000007216180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ab3afea84cafbf2021-12-23 11:55:11.443root 11241100x80000000000000007216181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cee3b67403777e62021-12-23 11:55:11.443root 11241100x80000000000000007216182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f265b9c8526fc9c2021-12-23 11:55:11.443root 11241100x80000000000000007216183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d611c98ff3101cf2021-12-23 11:55:11.443root 11241100x80000000000000007216184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acefee859744fe3d2021-12-23 11:55:11.444root 11241100x80000000000000007216185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b7360dd5626b712021-12-23 11:55:11.444root 11241100x80000000000000007216186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8adbd753505b2ab2021-12-23 11:55:11.444root 11241100x80000000000000007216187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5457c7707eea812021-12-23 11:55:11.444root 11241100x80000000000000007216188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d92c35c44d0122c2021-12-23 11:55:11.444root 11241100x80000000000000007216189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccd145cbf00e8702021-12-23 11:55:11.444root 11241100x80000000000000007216190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aceb12e609ba8c752021-12-23 11:55:11.444root 11241100x80000000000000007216191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ac4cc579f1d0dd2021-12-23 11:55:11.444root 11241100x80000000000000007216192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d220ad23865ccf2021-12-23 11:55:11.444root 11241100x80000000000000007216193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54456d5927697e902021-12-23 11:55:11.444root 11241100x80000000000000007216194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2051cac776b035d2021-12-23 11:55:11.444root 11241100x80000000000000007216195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958b400658a8bd9c2021-12-23 11:55:11.444root 11241100x80000000000000007216196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78eb7babd3a281662021-12-23 11:55:11.943root 11241100x80000000000000007216197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9b7d0307fb17222021-12-23 11:55:11.943root 11241100x80000000000000007216198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de71740df91c92e2021-12-23 11:55:11.943root 11241100x80000000000000007216199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e533469b17e2822021-12-23 11:55:11.943root 11241100x80000000000000007216200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354c87ce227c01612021-12-23 11:55:11.943root 11241100x80000000000000007216201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d3c31a5bc41df22021-12-23 11:55:11.943root 11241100x80000000000000007216202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213021d9c35ce2d32021-12-23 11:55:11.943root 11241100x80000000000000007216203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bb5417c62d1c642021-12-23 11:55:11.943root 11241100x80000000000000007216204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16828af6bcc68162021-12-23 11:55:11.943root 11241100x80000000000000007216205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3b25a4586b1f712021-12-23 11:55:11.943root 11241100x80000000000000007216206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e27c411b54a9122021-12-23 11:55:11.943root 11241100x80000000000000007216207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a847d505546f872021-12-23 11:55:11.943root 11241100x80000000000000007216208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b26fb479320ec62021-12-23 11:55:11.944root 11241100x80000000000000007216209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc075c18b2857c62021-12-23 11:55:11.944root 11241100x80000000000000007216210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067bb8ca3bde26b12021-12-23 11:55:11.944root 11241100x80000000000000007216211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75fab9b71a323cd2021-12-23 11:55:11.944root 11241100x80000000000000007216212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc57c0ad51e74e92021-12-23 11:55:11.944root 11241100x80000000000000007216213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46358a1eec4466a2021-12-23 11:55:11.944root 11241100x80000000000000007216214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8eb5ecef6ce52552021-12-23 11:55:11.944root 11241100x80000000000000007216215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8593a0e0d1a6cb2021-12-23 11:55:12.442root 11241100x80000000000000007216216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945f9961a840bf552021-12-23 11:55:12.443root 11241100x80000000000000007216217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3884cf246c5a362021-12-23 11:55:12.443root 11241100x80000000000000007216218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f674644727376552021-12-23 11:55:12.443root 11241100x80000000000000007216219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15887a8aff437542021-12-23 11:55:12.443root 11241100x80000000000000007216220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f2ef9eb1131aff2021-12-23 11:55:12.443root 11241100x80000000000000007216221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84b9a35fbf9e74e2021-12-23 11:55:12.443root 11241100x80000000000000007216222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22847a788998b7ca2021-12-23 11:55:12.443root 11241100x80000000000000007216223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8bfb0668ea36ed2021-12-23 11:55:12.443root 11241100x80000000000000007216224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab420dc022db80da2021-12-23 11:55:12.443root 11241100x80000000000000007216225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a861837b1ee94c162021-12-23 11:55:12.443root 11241100x80000000000000007216226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d72ad35dacc04972021-12-23 11:55:12.443root 11241100x80000000000000007216227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8d708cd25d2a842021-12-23 11:55:12.443root 11241100x80000000000000007216228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a37320521fc20332021-12-23 11:55:12.444root 11241100x80000000000000007216229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2784ee25ede370aa2021-12-23 11:55:12.444root 11241100x80000000000000007216230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f97f4f9f95e2bc42021-12-23 11:55:12.444root 11241100x80000000000000007216231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050d5daed255c2712021-12-23 11:55:12.444root 11241100x80000000000000007216232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3745d443e9e8c11d2021-12-23 11:55:12.444root 11241100x80000000000000007216233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d449cc98bb3aab2021-12-23 11:55:12.444root 11241100x80000000000000007216234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff516910d2c7dc772021-12-23 11:55:12.444root 11241100x80000000000000007216235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955d48ad6b20f8532021-12-23 11:55:12.943root 11241100x80000000000000007216236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb7fac8b40e74b52021-12-23 11:55:12.943root 11241100x80000000000000007216237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4986ac3ff02d58852021-12-23 11:55:12.943root 11241100x80000000000000007216238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1974f58a88148e2021-12-23 11:55:12.943root 11241100x80000000000000007216239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2153d9cf24159bd92021-12-23 11:55:12.943root 11241100x80000000000000007216240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1643a9d661c4208d2021-12-23 11:55:12.943root 11241100x80000000000000007216241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d25ab66361a42512021-12-23 11:55:12.943root 11241100x80000000000000007216242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b851b6a2044c8832021-12-23 11:55:12.944root 11241100x80000000000000007216243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f533ca79bb65ed202021-12-23 11:55:12.944root 11241100x80000000000000007216244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b3b10b632f30272021-12-23 11:55:12.944root 11241100x80000000000000007216245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa97b5bff43331a42021-12-23 11:55:12.944root 11241100x80000000000000007216246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb281bcaf78833e62021-12-23 11:55:12.944root 11241100x80000000000000007216247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827cf22ffe99dc3b2021-12-23 11:55:12.944root 11241100x80000000000000007216248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85779bed71ada38b2021-12-23 11:55:12.944root 11241100x80000000000000007216249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e394033bea5252232021-12-23 11:55:12.944root 11241100x80000000000000007216250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f65ca1534dfe7782021-12-23 11:55:12.944root 11241100x80000000000000007216251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404f04f6287d9c9b2021-12-23 11:55:12.944root 11241100x80000000000000007216252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503b273cd0a366252021-12-23 11:55:12.944root 11241100x80000000000000007216253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e128c37c28dbe83c2021-12-23 11:55:13.443root 11241100x80000000000000007216254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55988dc3248d1ac2021-12-23 11:55:13.443root 11241100x80000000000000007216255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe912bf909573c4f2021-12-23 11:55:13.443root 11241100x80000000000000007216256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05d8a8b9813dd722021-12-23 11:55:13.443root 11241100x80000000000000007216257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f51d005ed9678d2021-12-23 11:55:13.444root 11241100x80000000000000007216258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25f992c30faba3a2021-12-23 11:55:13.444root 11241100x80000000000000007216259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b0c462f5882f112021-12-23 11:55:13.444root 11241100x80000000000000007216260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956ab2246ba0eb142021-12-23 11:55:13.444root 11241100x80000000000000007216261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea80168ab157233b2021-12-23 11:55:13.444root 11241100x80000000000000007216262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9804d992d0bd91172021-12-23 11:55:13.444root 11241100x80000000000000007216263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2d64b5cd16bb562021-12-23 11:55:13.444root 11241100x80000000000000007216264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5ec15cfab1b47a2021-12-23 11:55:13.444root 11241100x80000000000000007216265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccf5fcd41bf3be42021-12-23 11:55:13.444root 11241100x80000000000000007216266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a01c20d47c4d09f2021-12-23 11:55:13.444root 11241100x80000000000000007216267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbeb2ad0267d9792021-12-23 11:55:13.444root 11241100x80000000000000007216268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327e8095e1b7ae8e2021-12-23 11:55:13.444root 11241100x80000000000000007216269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6608570033ae9a3d2021-12-23 11:55:13.444root 11241100x80000000000000007216270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35909431e06a32252021-12-23 11:55:13.444root 11241100x80000000000000007216271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8faef5e69f9253ba2021-12-23 11:55:13.943root 11241100x80000000000000007216272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaafeca5832c02732021-12-23 11:55:13.943root 11241100x80000000000000007216273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e735aa841f4b0882021-12-23 11:55:13.943root 11241100x80000000000000007216274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885a7c36f0179e9b2021-12-23 11:55:13.944root 11241100x80000000000000007216275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af044a2f5cb41272021-12-23 11:55:13.944root 11241100x80000000000000007216276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b4bcacfed13cbb2021-12-23 11:55:13.944root 11241100x80000000000000007216277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f0fb0d1e30c8d62021-12-23 11:55:13.944root 11241100x80000000000000007216278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb8950d47c46dd52021-12-23 11:55:13.944root 11241100x80000000000000007216279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447cdd98c0ae366c2021-12-23 11:55:13.944root 11241100x80000000000000007216280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae37d92f7336bde2021-12-23 11:55:13.944root 11241100x80000000000000007216281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a7f7f00d6f02f12021-12-23 11:55:13.944root 11241100x80000000000000007216282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3d82a7a522740f2021-12-23 11:55:13.944root 11241100x80000000000000007216283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03e7b8af0843bd02021-12-23 11:55:13.944root 11241100x80000000000000007216284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0ff55c114915a62021-12-23 11:55:13.945root 11241100x80000000000000007216285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2ebb35c3eddd3e2021-12-23 11:55:13.945root 11241100x80000000000000007216286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2d72d1432305c82021-12-23 11:55:13.945root 11241100x80000000000000007216287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb3c0cc95057fc82021-12-23 11:55:13.945root 11241100x80000000000000007216288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9367c009d9df4b2021-12-23 11:55:13.945root 11241100x80000000000000007216289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d0259b41a02ce22021-12-23 11:55:14.443root 11241100x80000000000000007216290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c22c108d7db3ac2021-12-23 11:55:14.443root 11241100x80000000000000007216291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01870aa0b44a029d2021-12-23 11:55:14.443root 11241100x80000000000000007216292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4de1808323c549b2021-12-23 11:55:14.444root 11241100x80000000000000007216293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8a7a5ba71cd7cd2021-12-23 11:55:14.444root 11241100x80000000000000007216294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485436922e6b360f2021-12-23 11:55:14.444root 11241100x80000000000000007216295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e77f7bd5f855462021-12-23 11:55:14.444root 11241100x80000000000000007216296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb99e29721e13c462021-12-23 11:55:14.444root 11241100x80000000000000007216297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1c037f76af08b42021-12-23 11:55:14.444root 11241100x80000000000000007216298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df565eee970cb062021-12-23 11:55:14.444root 11241100x80000000000000007216299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b697fe53d066c6452021-12-23 11:55:14.444root 11241100x80000000000000007216300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841d558f1e1bb6af2021-12-23 11:55:14.444root 11241100x80000000000000007216301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3184b3b13a32ba2021-12-23 11:55:14.444root 11241100x80000000000000007216302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92537f2e9696f4662021-12-23 11:55:14.445root 11241100x80000000000000007216303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f019ac88a8c1bc62021-12-23 11:55:14.445root 11241100x80000000000000007216304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e102af9f298fc6502021-12-23 11:55:14.445root 11241100x80000000000000007216305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14de0090b9b42c242021-12-23 11:55:14.445root 11241100x80000000000000007216306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b6fd716b6b96872021-12-23 11:55:14.445root 11241100x80000000000000007216307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5bbc984e5515bb2021-12-23 11:55:14.943root 11241100x80000000000000007216308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4089290797c4992021-12-23 11:55:14.943root 11241100x80000000000000007216309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93432936d4f1b8922021-12-23 11:55:14.943root 11241100x80000000000000007216310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24ece626cb981f52021-12-23 11:55:14.943root 11241100x80000000000000007216311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1acd049295df5252021-12-23 11:55:14.944root 11241100x80000000000000007216312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6b96119bdb96942021-12-23 11:55:14.944root 11241100x80000000000000007216313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f325d7dac35f837d2021-12-23 11:55:14.944root 11241100x80000000000000007216314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debb556d5f8bf4e82021-12-23 11:55:14.944root 11241100x80000000000000007216315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1423be7e31829832021-12-23 11:55:14.944root 11241100x80000000000000007216316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e2935c705be0662021-12-23 11:55:14.944root 11241100x80000000000000007216317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d966702de5a0fe2e2021-12-23 11:55:14.944root 11241100x80000000000000007216318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe36645809596ec2021-12-23 11:55:14.944root 11241100x80000000000000007216319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f07a8e5fc991a22021-12-23 11:55:14.944root 11241100x80000000000000007216320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488208c1f13f08bd2021-12-23 11:55:14.944root 11241100x80000000000000007216321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bce72e5c2ea3af2021-12-23 11:55:14.944root 11241100x80000000000000007216322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb960db92580cce2021-12-23 11:55:14.944root 11241100x80000000000000007216323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d864f26639cfd3512021-12-23 11:55:14.944root 11241100x80000000000000007216324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96eba1a5bdbb57152021-12-23 11:55:14.944root 11241100x80000000000000007216325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a96704b93a1ea702021-12-23 11:55:15.443root 11241100x80000000000000007216326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b45d23dc4d1caa2021-12-23 11:55:15.443root 11241100x80000000000000007216327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346ff9c4421fac1a2021-12-23 11:55:15.443root 11241100x80000000000000007216328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3329bed374f82f2021-12-23 11:55:15.443root 11241100x80000000000000007216329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd03418a1fc1c7032021-12-23 11:55:15.444root 11241100x80000000000000007216330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d26f87193fac7d12021-12-23 11:55:15.444root 11241100x80000000000000007216331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55de68e1dbf3d4612021-12-23 11:55:15.444root 11241100x80000000000000007216332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edcd9a8d5fd53f72021-12-23 11:55:15.444root 11241100x80000000000000007216333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407cacb263a9f8492021-12-23 11:55:15.444root 11241100x80000000000000007216334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01448eeec1743a9d2021-12-23 11:55:15.444root 11241100x80000000000000007216335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425aff7819ad366c2021-12-23 11:55:15.444root 11241100x80000000000000007216336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8bf62f43eaffbb2021-12-23 11:55:15.444root 11241100x80000000000000007216337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa8d23239282b7d2021-12-23 11:55:15.444root 11241100x80000000000000007216338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0666b76c2ed8e66a2021-12-23 11:55:15.444root 11241100x80000000000000007216339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a9f3574bae03ff2021-12-23 11:55:15.445root 11241100x80000000000000007216340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee21dc23484eb38f2021-12-23 11:55:15.445root 11241100x80000000000000007216341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4d9e8d4963ce652021-12-23 11:55:15.445root 11241100x80000000000000007216342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2af731c85993802021-12-23 11:55:15.445root 11241100x80000000000000007216343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3107b36c55a8671e2021-12-23 11:55:15.943root 11241100x80000000000000007216344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3233196c9c7835e52021-12-23 11:55:15.943root 11241100x80000000000000007216345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f5990eccda52f02021-12-23 11:55:15.943root 11241100x80000000000000007216346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9437d7ed06fb60a22021-12-23 11:55:15.944root 11241100x80000000000000007216347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0433107c565dae312021-12-23 11:55:15.944root 11241100x80000000000000007216348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47308ce04771ff32021-12-23 11:55:15.944root 11241100x80000000000000007216349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10991468bfd8f2d2021-12-23 11:55:15.944root 11241100x80000000000000007216350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2755d2ad750f5b62021-12-23 11:55:15.944root 11241100x80000000000000007216351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce25914a8613abc2021-12-23 11:55:15.945root 11241100x80000000000000007216352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf43bcb0d3853dff2021-12-23 11:55:15.945root 11241100x80000000000000007216353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629fdc74c10f185d2021-12-23 11:55:15.945root 11241100x80000000000000007216354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a092da3b3d13c0e2021-12-23 11:55:15.945root 11241100x80000000000000007216355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d519fb08afcee6a2021-12-23 11:55:15.945root 11241100x80000000000000007216356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75813d43d5f0c3da2021-12-23 11:55:15.945root 11241100x80000000000000007216357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e944bd3f53c097b22021-12-23 11:55:15.945root 11241100x80000000000000007216358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9791b23f00b1246d2021-12-23 11:55:15.945root 11241100x80000000000000007216359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a6ed43cbb171b52021-12-23 11:55:15.946root 11241100x80000000000000007216360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4554fdcecfb1e8b2021-12-23 11:55:15.946root 354300x80000000000000007216361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.174{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33848-false10.0.1.12-8000- 11241100x80000000000000007216362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbd23aff72733f42021-12-23 11:55:16.443root 11241100x80000000000000007216363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45814f8855edad02021-12-23 11:55:16.443root 11241100x80000000000000007216364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83eb4636e282cfd2021-12-23 11:55:16.443root 11241100x80000000000000007216365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876bc2698849608f2021-12-23 11:55:16.443root 11241100x80000000000000007216366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f5dedf966eb84b2021-12-23 11:55:16.443root 11241100x80000000000000007216367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fedea706f351ac52021-12-23 11:55:16.443root 11241100x80000000000000007216368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2a313ce783d9ca2021-12-23 11:55:16.444root 11241100x80000000000000007216369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080eeaada684df8c2021-12-23 11:55:16.444root 11241100x80000000000000007216370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebbee9b2feff7f92021-12-23 11:55:16.444root 11241100x80000000000000007216371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05026175564a8f2e2021-12-23 11:55:16.444root 11241100x80000000000000007216372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be59bb2f26e01f662021-12-23 11:55:16.444root 11241100x80000000000000007216373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999b2b88d26d0b612021-12-23 11:55:16.444root 11241100x80000000000000007216374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd96a04477fdc4c2021-12-23 11:55:16.444root 11241100x80000000000000007216375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a78a6ded9ccfeb32021-12-23 11:55:16.444root 11241100x80000000000000007216376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e1451efcd6cbed2021-12-23 11:55:16.444root 11241100x80000000000000007216377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada0071483e14bb62021-12-23 11:55:16.444root 11241100x80000000000000007216378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70470b37467bceb22021-12-23 11:55:16.444root 11241100x80000000000000007216379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7d3361cd95cb762021-12-23 11:55:16.444root 11241100x80000000000000007216380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a4851e32f3752f2021-12-23 11:55:16.444root 11241100x80000000000000007216381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4025158cd21cff42021-12-23 11:55:16.943root 11241100x80000000000000007216382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0e9781fddd72b82021-12-23 11:55:16.943root 11241100x80000000000000007216383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa668e7f45e60b52021-12-23 11:55:16.943root 11241100x80000000000000007216384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc5732057524fac2021-12-23 11:55:16.943root 11241100x80000000000000007216385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a5148e2bced3d92021-12-23 11:55:16.943root 11241100x80000000000000007216386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6ab203ab7b94b52021-12-23 11:55:16.943root 11241100x80000000000000007216387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a80de4fd99ef76c2021-12-23 11:55:16.943root 11241100x80000000000000007216388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb20416e056317e2021-12-23 11:55:16.943root 11241100x80000000000000007216389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bdb16b7f7441ce2021-12-23 11:55:16.943root 11241100x80000000000000007216390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64db45a2ee5dfc522021-12-23 11:55:16.943root 11241100x80000000000000007216391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a7f81f0b8c3b592021-12-23 11:55:16.943root 11241100x80000000000000007216392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2252feb4991a9b2021-12-23 11:55:16.943root 11241100x80000000000000007216393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241d5bdc5fcc4dac2021-12-23 11:55:16.943root 11241100x80000000000000007216394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319e928947bb53592021-12-23 11:55:16.944root 11241100x80000000000000007216395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba80f4646b35ee4e2021-12-23 11:55:16.944root 11241100x80000000000000007216396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6dee4aa8099cd22021-12-23 11:55:16.944root 11241100x80000000000000007216397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a75f9504724f8f92021-12-23 11:55:16.944root 11241100x80000000000000007216398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74b5c7a75b1861b2021-12-23 11:55:16.944root 11241100x80000000000000007216399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fced95dc3fbc83a42021-12-23 11:55:16.944root 11241100x80000000000000007216400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3a11e6a6ff4aeb2021-12-23 11:55:16.944root 11241100x80000000000000007216401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b46ab9a4e20b0f2021-12-23 11:55:16.944root 11241100x80000000000000007216402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca679ec970728df52021-12-23 11:55:17.443root 11241100x80000000000000007216403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd147e4be76d29bd2021-12-23 11:55:17.443root 11241100x80000000000000007216404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abad1a0699f0cf82021-12-23 11:55:17.443root 11241100x80000000000000007216405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b3b0cd372206f52021-12-23 11:55:17.444root 11241100x80000000000000007216406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0698b39a63d25272021-12-23 11:55:17.444root 11241100x80000000000000007216407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5889b786db619f2021-12-23 11:55:17.444root 11241100x80000000000000007216408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0811783d2047e032021-12-23 11:55:17.444root 11241100x80000000000000007216409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9f88443408c4e62021-12-23 11:55:17.444root 11241100x80000000000000007216410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c22c3499221d472021-12-23 11:55:17.444root 11241100x80000000000000007216411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336f35895f28fe652021-12-23 11:55:17.444root 11241100x80000000000000007216412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d5aee9c35317452021-12-23 11:55:17.444root 11241100x80000000000000007216413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c159fab9611c872021-12-23 11:55:17.444root 11241100x80000000000000007216414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02172b601cf298b2021-12-23 11:55:17.444root 11241100x80000000000000007216415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e90afc1bcf20b82021-12-23 11:55:17.444root 11241100x80000000000000007216416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6049220c8334d72021-12-23 11:55:17.444root 11241100x80000000000000007216417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19848e46283910672021-12-23 11:55:17.444root 11241100x80000000000000007216418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf61ce30457f8df72021-12-23 11:55:17.444root 11241100x80000000000000007216419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bf54a4a494bf092021-12-23 11:55:17.445root 11241100x80000000000000007216420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c349db677c20668b2021-12-23 11:55:17.445root 11241100x80000000000000007216421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8507c1d89edd472021-12-23 11:55:17.943root 11241100x80000000000000007216422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69682ac928df980e2021-12-23 11:55:17.943root 11241100x80000000000000007216423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3414a08c8baa91fc2021-12-23 11:55:17.943root 11241100x80000000000000007216424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d3fd41970491502021-12-23 11:55:17.944root 11241100x80000000000000007216425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f801f4b2d09627662021-12-23 11:55:17.944root 11241100x80000000000000007216426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994a43ee1bebbe222021-12-23 11:55:17.944root 11241100x80000000000000007216427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50428b9855ce6662021-12-23 11:55:17.944root 11241100x80000000000000007216428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a11d53bf95cc7e82021-12-23 11:55:17.944root 11241100x80000000000000007216429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5a1dbd4cd0ddd02021-12-23 11:55:17.944root 11241100x80000000000000007216430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a858593910d86a6c2021-12-23 11:55:17.944root 11241100x80000000000000007216431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cb6fee832456dd2021-12-23 11:55:17.944root 11241100x80000000000000007216432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18706f50919372ac2021-12-23 11:55:17.944root 11241100x80000000000000007216433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bcb6ee4de6d56e2021-12-23 11:55:17.944root 11241100x80000000000000007216434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8778bf134528292021-12-23 11:55:17.944root 11241100x80000000000000007216435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0690fb1975613d2021-12-23 11:55:17.944root 11241100x80000000000000007216436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733d793ffe89d4fa2021-12-23 11:55:17.944root 11241100x80000000000000007216437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1521c2514ed9de2021-12-23 11:55:17.945root 11241100x80000000000000007216438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcdc75662a3432c2021-12-23 11:55:17.945root 11241100x80000000000000007216439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b145928aa9cba3a2021-12-23 11:55:17.945root 11241100x80000000000000007216440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e248f1d4468554c2021-12-23 11:55:18.443root 11241100x80000000000000007216441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea5ff0269ee6f072021-12-23 11:55:18.443root 11241100x80000000000000007216442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d93d7f13c00dee2021-12-23 11:55:18.443root 11241100x80000000000000007216443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28a25397b7d96692021-12-23 11:55:18.443root 11241100x80000000000000007216444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f4000f5e996e582021-12-23 11:55:18.444root 11241100x80000000000000007216445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28555bfa15ac8c352021-12-23 11:55:18.444root 11241100x80000000000000007216446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ee5d4423b0beca2021-12-23 11:55:18.444root 11241100x80000000000000007216447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5255014e0c37012021-12-23 11:55:18.444root 11241100x80000000000000007216448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2015b88746ed9772021-12-23 11:55:18.444root 11241100x80000000000000007216449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fbbb1fb7ed2e392021-12-23 11:55:18.444root 11241100x80000000000000007216450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bab0f5f73f73b32021-12-23 11:55:18.444root 11241100x80000000000000007216451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256f17aeaad19bb82021-12-23 11:55:18.444root 11241100x80000000000000007216452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e028cf34803c09502021-12-23 11:55:18.444root 11241100x80000000000000007216453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d7cb0bfebe41ea2021-12-23 11:55:18.444root 11241100x80000000000000007216454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab22df65a28a397c2021-12-23 11:55:18.444root 11241100x80000000000000007216455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6ec107a1f4e1dc2021-12-23 11:55:18.445root 11241100x80000000000000007216456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a0d1690c6a43ba2021-12-23 11:55:18.445root 11241100x80000000000000007216457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafac6b868f548022021-12-23 11:55:18.445root 11241100x80000000000000007216458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439994edc73a3a692021-12-23 11:55:18.445root 11241100x80000000000000007216459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479ed38aca2e96742021-12-23 11:55:18.943root 11241100x80000000000000007216460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32141a3bfa6f366f2021-12-23 11:55:18.943root 11241100x80000000000000007216461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc2a61d853a7bbd2021-12-23 11:55:18.943root 11241100x80000000000000007216462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d747ddd7a5b833a92021-12-23 11:55:18.943root 11241100x80000000000000007216463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44e736b3707a2ee2021-12-23 11:55:18.944root 11241100x80000000000000007216464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a638f1fa9eee190f2021-12-23 11:55:18.944root 11241100x80000000000000007216465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e890090856ac9e2021-12-23 11:55:18.944root 11241100x80000000000000007216466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04289376fd7a2d192021-12-23 11:55:18.944root 11241100x80000000000000007216467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a640447674268f2021-12-23 11:55:18.944root 11241100x80000000000000007216468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a745565af5259d62021-12-23 11:55:18.944root 11241100x80000000000000007216469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b326b1742621e12021-12-23 11:55:18.944root 11241100x80000000000000007216470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba0cab4a561e8de2021-12-23 11:55:18.944root 11241100x80000000000000007216471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9d6af755e9cf352021-12-23 11:55:18.944root 11241100x80000000000000007216472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfaccd7afd9c2aa2021-12-23 11:55:18.944root 11241100x80000000000000007216473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e79925da73995672021-12-23 11:55:18.944root 11241100x80000000000000007216474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff01f3f9ecfeecc62021-12-23 11:55:18.945root 11241100x80000000000000007216475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc1072a376638ac2021-12-23 11:55:18.945root 11241100x80000000000000007216476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f20d5385415f0112021-12-23 11:55:18.945root 11241100x80000000000000007216477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfb489a250c50ee2021-12-23 11:55:18.945root 11241100x80000000000000007216478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7597bf324d66ebb52021-12-23 11:55:19.443root 11241100x80000000000000007216479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a903560ab4e45eb42021-12-23 11:55:19.443root 11241100x80000000000000007216480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb683fb881afca32021-12-23 11:55:19.443root 11241100x80000000000000007216481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bc539930392be82021-12-23 11:55:19.443root 11241100x80000000000000007216482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47d70b901d4c12b2021-12-23 11:55:19.443root 11241100x80000000000000007216483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7027f551a5ad252021-12-23 11:55:19.443root 11241100x80000000000000007216484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848a9c4b582cab8c2021-12-23 11:55:19.443root 11241100x80000000000000007216485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3571da1b7f5853662021-12-23 11:55:19.444root 11241100x80000000000000007216486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218d1028f3f317642021-12-23 11:55:19.444root 11241100x80000000000000007216487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe22c930364db1122021-12-23 11:55:19.444root 11241100x80000000000000007216488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b0ecb3a637bc372021-12-23 11:55:19.444root 11241100x80000000000000007216489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765ec512c1a513a22021-12-23 11:55:19.444root 11241100x80000000000000007216490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f591c655199866a32021-12-23 11:55:19.444root 11241100x80000000000000007216491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9f8a69ffdf34162021-12-23 11:55:19.444root 11241100x80000000000000007216492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec32c8f603f6867d2021-12-23 11:55:19.444root 11241100x80000000000000007216493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63b763e3b3551e72021-12-23 11:55:19.444root 11241100x80000000000000007216494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef2765dd47529a42021-12-23 11:55:19.444root 11241100x80000000000000007216495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b013da851d0f18b52021-12-23 11:55:19.444root 11241100x80000000000000007216496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efad897ae71e07912021-12-23 11:55:19.444root 11241100x80000000000000007216497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c6018a3b4401e12021-12-23 11:55:19.943root 11241100x80000000000000007216498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e436a4bc9b19e12021-12-23 11:55:19.943root 11241100x80000000000000007216499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f5c799d493395e2021-12-23 11:55:19.943root 11241100x80000000000000007216500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb4f329009dbe222021-12-23 11:55:19.943root 11241100x80000000000000007216501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1362fea8f85b21272021-12-23 11:55:19.943root 11241100x80000000000000007216502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed31fa49547e449a2021-12-23 11:55:19.943root 11241100x80000000000000007216503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8d9e64180e443a2021-12-23 11:55:19.943root 11241100x80000000000000007216504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b4a4cfaf4949862021-12-23 11:55:19.943root 11241100x80000000000000007216505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d374ef93dbc3622021-12-23 11:55:19.943root 11241100x80000000000000007216506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe53d27d2ab48dc02021-12-23 11:55:19.943root 11241100x80000000000000007216507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2985dca473a2c22021-12-23 11:55:19.943root 11241100x80000000000000007216508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124ef915ce66dfe12021-12-23 11:55:19.943root 11241100x80000000000000007216509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690d176948abaaa32021-12-23 11:55:19.944root 11241100x80000000000000007216510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec68c0de29833022021-12-23 11:55:19.944root 11241100x80000000000000007216511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9663513c4dc8c112021-12-23 11:55:19.944root 11241100x80000000000000007216512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d81bc8a75650152021-12-23 11:55:19.944root 11241100x80000000000000007216513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859a98a76156ec932021-12-23 11:55:19.944root 11241100x80000000000000007216514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e481476bd82d91772021-12-23 11:55:19.944root 11241100x80000000000000007216515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7c74f2c81cad4c2021-12-23 11:55:19.944root 11241100x80000000000000007216516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009a487f0b6fd8252021-12-23 11:55:20.443root 11241100x80000000000000007216517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b3fca138f202782021-12-23 11:55:20.443root 11241100x80000000000000007216518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a2eeb0bb701a472021-12-23 11:55:20.443root 11241100x80000000000000007216519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d56e31ee3194f182021-12-23 11:55:20.444root 11241100x80000000000000007216520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd69513948cb68b2021-12-23 11:55:20.444root 11241100x80000000000000007216521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cca856c131a3482021-12-23 11:55:20.444root 11241100x80000000000000007216522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e980d37e22b91332021-12-23 11:55:20.444root 11241100x80000000000000007216523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8731cdc030ba1f032021-12-23 11:55:20.444root 11241100x80000000000000007216524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d4e711f0eca0132021-12-23 11:55:20.444root 11241100x80000000000000007216525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894a683d35c5ba9c2021-12-23 11:55:20.444root 11241100x80000000000000007216526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce58c89fa932e9bb2021-12-23 11:55:20.444root 11241100x80000000000000007216527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6405c016b803672021-12-23 11:55:20.444root 11241100x80000000000000007216528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1ecdee4df2df962021-12-23 11:55:20.445root 11241100x80000000000000007216529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b163c59a9009642021-12-23 11:55:20.445root 11241100x80000000000000007216530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2b6070a175400e2021-12-23 11:55:20.445root 11241100x80000000000000007216531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7260041743053ce52021-12-23 11:55:20.445root 11241100x80000000000000007216532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96e94149591d24f2021-12-23 11:55:20.445root 11241100x80000000000000007216533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c2f903ced118b62021-12-23 11:55:20.445root 11241100x80000000000000007216534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e882f761d7ab18c02021-12-23 11:55:20.446root 11241100x80000000000000007216535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f6218575f591192021-12-23 11:55:20.943root 11241100x80000000000000007216536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fefb9d736e060f02021-12-23 11:55:20.943root 11241100x80000000000000007216537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7e7058ba21a8552021-12-23 11:55:20.943root 11241100x80000000000000007216538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70a6a312c8a2c572021-12-23 11:55:20.943root 11241100x80000000000000007216539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd26b3ddedab52242021-12-23 11:55:20.943root 11241100x80000000000000007216540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1c5c75e0d1955e2021-12-23 11:55:20.943root 11241100x80000000000000007216541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5ff9652a8894702021-12-23 11:55:20.943root 11241100x80000000000000007216542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14badd5803c41062021-12-23 11:55:20.943root 11241100x80000000000000007216543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c77ed7b29f839bd2021-12-23 11:55:20.943root 11241100x80000000000000007216544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42a751a36e054002021-12-23 11:55:20.943root 11241100x80000000000000007216545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0800970adb1b3b4d2021-12-23 11:55:20.944root 11241100x80000000000000007216546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e381bf1db54bcc2021-12-23 11:55:20.944root 11241100x80000000000000007216547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0fe89fdbb101282021-12-23 11:55:20.944root 11241100x80000000000000007216548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32aee2b0dbd6ae292021-12-23 11:55:20.944root 11241100x80000000000000007216549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b55e3c856d16802021-12-23 11:55:20.944root 11241100x80000000000000007216550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd8d60e05921db72021-12-23 11:55:20.944root 11241100x80000000000000007216551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c516f4cd7e952762021-12-23 11:55:20.944root 11241100x80000000000000007216552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc20ce637cc74342021-12-23 11:55:20.944root 11241100x80000000000000007216553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b06a69395a76792021-12-23 11:55:20.944root 11241100x80000000000000007216554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ee4282ee8609f92021-12-23 11:55:20.945root 11241100x80000000000000007216555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df619f79068a72c2021-12-23 11:55:20.945root 11241100x80000000000000007216556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9863c839af34f0032021-12-23 11:55:20.945root 11241100x80000000000000007216557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1140729269037d2021-12-23 11:55:21.443root 11241100x80000000000000007216558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892122a13d3aaf612021-12-23 11:55:21.443root 11241100x80000000000000007216559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26711d55efb7c9a42021-12-23 11:55:21.443root 11241100x80000000000000007216560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97d85710805b7102021-12-23 11:55:21.443root 11241100x80000000000000007216561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1453cece89a5022021-12-23 11:55:21.443root 11241100x80000000000000007216562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df50448d3dba14672021-12-23 11:55:21.443root 11241100x80000000000000007216563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a602279ab2c5c64b2021-12-23 11:55:21.444root 11241100x80000000000000007216564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ac40c3750e1a812021-12-23 11:55:21.444root 11241100x80000000000000007216565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86158341a7034c272021-12-23 11:55:21.444root 11241100x80000000000000007216566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d52252331623722021-12-23 11:55:21.444root 11241100x80000000000000007216567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4d6ca933b134ea2021-12-23 11:55:21.445root 11241100x80000000000000007216568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c203b57340bb9da12021-12-23 11:55:21.445root 11241100x80000000000000007216569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70853ba2b35db4d02021-12-23 11:55:21.445root 11241100x80000000000000007216570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74be716d72c5a7fa2021-12-23 11:55:21.445root 11241100x80000000000000007216571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e17aa396b4457362021-12-23 11:55:21.445root 11241100x80000000000000007216572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc2cf80111484482021-12-23 11:55:21.445root 11241100x80000000000000007216573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dac878535e036b02021-12-23 11:55:21.445root 11241100x80000000000000007216574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3aec67915eed9d2021-12-23 11:55:21.445root 11241100x80000000000000007216575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdedf564b729ce92021-12-23 11:55:21.445root 11241100x80000000000000007216576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cea7c91d33327082021-12-23 11:55:21.943root 11241100x80000000000000007216577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cd4c5d506e2a702021-12-23 11:55:21.943root 11241100x80000000000000007216578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f396a97a65c1ad62021-12-23 11:55:21.943root 11241100x80000000000000007216579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c04312c2dd517c2021-12-23 11:55:21.943root 11241100x80000000000000007216580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4b09d65a725f8f2021-12-23 11:55:21.943root 11241100x80000000000000007216581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591db7ee16149ed92021-12-23 11:55:21.944root 11241100x80000000000000007216582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408cb81d0f6574c22021-12-23 11:55:21.944root 11241100x80000000000000007216583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c432cf31cda08f8a2021-12-23 11:55:21.944root 11241100x80000000000000007216584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331d1f2f4654ab7b2021-12-23 11:55:21.944root 11241100x80000000000000007216585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740b91f9b7656ac22021-12-23 11:55:21.944root 11241100x80000000000000007216586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb83e6a76bc443802021-12-23 11:55:21.944root 11241100x80000000000000007216587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bcf8355c79f65a2021-12-23 11:55:21.944root 11241100x80000000000000007216588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfda3a6afe332df2021-12-23 11:55:21.944root 11241100x80000000000000007216589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7569af7b1808dd2021-12-23 11:55:21.944root 11241100x80000000000000007216590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf2ed97e8689d752021-12-23 11:55:21.944root 11241100x80000000000000007216591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5e172d7e67e8102021-12-23 11:55:21.944root 11241100x80000000000000007216592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9b31aaa2fd10482021-12-23 11:55:21.944root 11241100x80000000000000007216593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e981f0d28a8ab8b2021-12-23 11:55:21.944root 11241100x80000000000000007216594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1383d63e944de3eb2021-12-23 11:55:21.945root 11241100x80000000000000007216595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8245198b6bc4e7ad2021-12-23 11:55:21.945root 11241100x80000000000000007216596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c71225dca71325b2021-12-23 11:55:21.945root 11241100x80000000000000007216597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85571f125dd80f2f2021-12-23 11:55:21.945root 11241100x80000000000000007216598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edfbb56a856e6a32021-12-23 11:55:21.945root 354300x80000000000000007216599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.090{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33850-false10.0.1.12-8000- 11241100x80000000000000007216600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05e68304cb95ad22021-12-23 11:55:22.443root 11241100x80000000000000007216601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6abadfa21537e8e02021-12-23 11:55:22.443root 11241100x80000000000000007216602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf9ff1b734e1c902021-12-23 11:55:22.443root 11241100x80000000000000007216603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9445198148b2cf622021-12-23 11:55:22.443root 11241100x80000000000000007216604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72778c2014478c22021-12-23 11:55:22.444root 11241100x80000000000000007216605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4936d717aabf7f932021-12-23 11:55:22.444root 11241100x80000000000000007216606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a1291df18c6b6e2021-12-23 11:55:22.444root 11241100x80000000000000007216607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a683e8b7dd554d22021-12-23 11:55:22.444root 11241100x80000000000000007216608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd02f4940e2a945d2021-12-23 11:55:22.444root 11241100x80000000000000007216609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ba83d93d8287bd2021-12-23 11:55:22.444root 11241100x80000000000000007216610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667ef1aa77b829be2021-12-23 11:55:22.444root 11241100x80000000000000007216611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489b53b4619c97532021-12-23 11:55:22.444root 11241100x80000000000000007216612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899548b34b27a5e72021-12-23 11:55:22.444root 11241100x80000000000000007216613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b784147dbecd2482021-12-23 11:55:22.444root 11241100x80000000000000007216614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b326bd052c244a22021-12-23 11:55:22.444root 11241100x80000000000000007216615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39954b5c84ae30192021-12-23 11:55:22.444root 11241100x80000000000000007216616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb0d8a24007b7762021-12-23 11:55:22.444root 11241100x80000000000000007216617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b4e0aa898ccbb42021-12-23 11:55:22.444root 11241100x80000000000000007216618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2442376fc77eb61c2021-12-23 11:55:22.444root 11241100x80000000000000007216619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbab5e89ab3612c2021-12-23 11:55:22.444root 11241100x80000000000000007216620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8df1a9c86b3dd02021-12-23 11:55:22.943root 11241100x80000000000000007216621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14758f350997bc452021-12-23 11:55:22.943root 11241100x80000000000000007216622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2ad7322ed493a52021-12-23 11:55:22.943root 11241100x80000000000000007216623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d324ecb6bb52e422021-12-23 11:55:22.943root 11241100x80000000000000007216624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc49d8fcf70f6232021-12-23 11:55:22.943root 11241100x80000000000000007216625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b9b7827f1b5e012021-12-23 11:55:22.943root 11241100x80000000000000007216626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2148591136d4bdb2021-12-23 11:55:22.943root 11241100x80000000000000007216627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c644bdc4b62c8b2021-12-23 11:55:22.943root 11241100x80000000000000007216628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8ea9d1db79ede62021-12-23 11:55:22.943root 11241100x80000000000000007216629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e49b0a422d55fd82021-12-23 11:55:22.943root 11241100x80000000000000007216630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3400ad889ac6483f2021-12-23 11:55:22.943root 11241100x80000000000000007216631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a684e0905d82b8d42021-12-23 11:55:22.943root 11241100x80000000000000007216632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5419e024867933aa2021-12-23 11:55:22.943root 11241100x80000000000000007216633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fb3e3ae5ddfdcf2021-12-23 11:55:22.944root 11241100x80000000000000007216634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bd9a5b967f79572021-12-23 11:55:22.944root 11241100x80000000000000007216635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe771c7a1a8c0922021-12-23 11:55:22.944root 11241100x80000000000000007216636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb89964c2584c3212021-12-23 11:55:22.944root 11241100x80000000000000007216637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31dbc7a5c1194152021-12-23 11:55:22.944root 11241100x80000000000000007216638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c772b91b92d3004d2021-12-23 11:55:22.944root 11241100x80000000000000007216639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6e036b0e78d5632021-12-23 11:55:22.944root 11241100x80000000000000007216640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f761deb1a3dfe72021-12-23 11:55:23.443root 11241100x80000000000000007216641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e6371b5ff8ebb02021-12-23 11:55:23.443root 11241100x80000000000000007216642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b48c4c97a8525ac2021-12-23 11:55:23.443root 11241100x80000000000000007216643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b873b20697303d822021-12-23 11:55:23.443root 11241100x80000000000000007216644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ba9ced13571aa02021-12-23 11:55:23.443root 11241100x80000000000000007216645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa61ea4dc015a082021-12-23 11:55:23.443root 11241100x80000000000000007216646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd408fcd790f4c02021-12-23 11:55:23.443root 11241100x80000000000000007216647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf6dd2f1310a0612021-12-23 11:55:23.443root 11241100x80000000000000007216648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b904d0f9268615b72021-12-23 11:55:23.443root 11241100x80000000000000007216649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4007290eb177cc052021-12-23 11:55:23.443root 11241100x80000000000000007216650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18411a1a79214c582021-12-23 11:55:23.443root 11241100x80000000000000007216651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1b6b8b533766d02021-12-23 11:55:23.443root 11241100x80000000000000007216652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592beeeda4442e642021-12-23 11:55:23.444root 11241100x80000000000000007216653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031b2b01eacdc7a02021-12-23 11:55:23.444root 11241100x80000000000000007216654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615781dd7380fb5f2021-12-23 11:55:23.444root 11241100x80000000000000007216655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c62b25c36a60472021-12-23 11:55:23.444root 11241100x80000000000000007216656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df0f6bfdbd597ac2021-12-23 11:55:23.444root 11241100x80000000000000007216657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e14a31ffeb82dfd2021-12-23 11:55:23.444root 11241100x80000000000000007216658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83078dcb40b8c7332021-12-23 11:55:23.444root 11241100x80000000000000007216659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0a17043d1aafdd2021-12-23 11:55:23.444root 11241100x80000000000000007216660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cdbd1f63fe6ff92021-12-23 11:55:23.444root 11241100x80000000000000007216661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0817a504d5ac2b2021-12-23 11:55:23.942root 11241100x80000000000000007216662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c27770a01c049a92021-12-23 11:55:23.943root 11241100x80000000000000007216663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bb0301bfca4c0d2021-12-23 11:55:23.943root 11241100x80000000000000007216664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c144f567247ec272021-12-23 11:55:23.943root 11241100x80000000000000007216665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccaa4a0780403fe2021-12-23 11:55:23.943root 11241100x80000000000000007216666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6453884bba8e7f452021-12-23 11:55:23.944root 11241100x80000000000000007216667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6458ff37aad7a0832021-12-23 11:55:23.944root 11241100x80000000000000007216668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428a86455a8beadc2021-12-23 11:55:23.944root 11241100x80000000000000007216669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8f254874e12a592021-12-23 11:55:23.944root 11241100x80000000000000007216670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608df3d9d4ae7bc82021-12-23 11:55:23.944root 11241100x80000000000000007216671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dc8577f3c114752021-12-23 11:55:23.944root 11241100x80000000000000007216672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4915d322c2a17b22021-12-23 11:55:23.945root 11241100x80000000000000007216673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868ac9f321c711a52021-12-23 11:55:23.945root 11241100x80000000000000007216674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2c3fc0cf4208eb2021-12-23 11:55:23.945root 11241100x80000000000000007216675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532b98d0676715622021-12-23 11:55:23.945root 11241100x80000000000000007216676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4830128209e1872a2021-12-23 11:55:23.945root 11241100x80000000000000007216677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6c3481512e21292021-12-23 11:55:23.945root 11241100x80000000000000007216678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d505dee3b189ea3b2021-12-23 11:55:23.945root 11241100x80000000000000007216679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df18cb7c23f34c72021-12-23 11:55:23.946root 11241100x80000000000000007216680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba83288a9142a9d2021-12-23 11:55:23.946root 11241100x80000000000000007216681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4450337f1b22ad2e2021-12-23 11:55:23.946root 11241100x80000000000000007216682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0d0ddb6319c8cb2021-12-23 11:55:23.946root 11241100x80000000000000007216683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e07fac382c157c2021-12-23 11:55:23.946root 11241100x80000000000000007216684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f936598b23b04faa2021-12-23 11:55:24.443root 11241100x80000000000000007216685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c62e795246050e2021-12-23 11:55:24.443root 11241100x80000000000000007216686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d278119c363764b2021-12-23 11:55:24.443root 11241100x80000000000000007216687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0934c3370ed7c6f02021-12-23 11:55:24.444root 11241100x80000000000000007216688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd0aa7d70098bbf2021-12-23 11:55:24.444root 11241100x80000000000000007216689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e087ce93ede2fee2021-12-23 11:55:24.444root 11241100x80000000000000007216690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb36a6942ec79402021-12-23 11:55:24.444root 11241100x80000000000000007216691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b344d024fbafd4d2021-12-23 11:55:24.444root 11241100x80000000000000007216692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a008dd5f0d6010a82021-12-23 11:55:24.444root 11241100x80000000000000007216693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159ffb33a8a74aee2021-12-23 11:55:24.444root 11241100x80000000000000007216694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1a07a4b91938162021-12-23 11:55:24.444root 11241100x80000000000000007216695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5121b3ab0ff084372021-12-23 11:55:24.444root 11241100x80000000000000007216696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d1583f18983f122021-12-23 11:55:24.444root 11241100x80000000000000007216697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47583a364b34f1d72021-12-23 11:55:24.445root 11241100x80000000000000007216698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fcd829eea3c4f22021-12-23 11:55:24.445root 11241100x80000000000000007216699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720fe8de14f0c2012021-12-23 11:55:24.445root 11241100x80000000000000007216700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029e65e7ff922df52021-12-23 11:55:24.445root 11241100x80000000000000007216701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deab0ee7c4c16e02021-12-23 11:55:24.445root 11241100x80000000000000007216702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446e3a4d8e870ba62021-12-23 11:55:24.446root 11241100x80000000000000007216703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8060e6f81ff59e872021-12-23 11:55:24.446root 11241100x80000000000000007216704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72253b5962569fb82021-12-23 11:55:24.943root 11241100x80000000000000007216705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd5f7ced7599d4e2021-12-23 11:55:24.943root 11241100x80000000000000007216706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81441426bd600ee22021-12-23 11:55:24.943root 11241100x80000000000000007216707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a9369201090f9f2021-12-23 11:55:24.943root 11241100x80000000000000007216708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82651dbe417a0bb2021-12-23 11:55:24.943root 11241100x80000000000000007216709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4055826ddaa614452021-12-23 11:55:24.943root 11241100x80000000000000007216710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3a0de87bdc86952021-12-23 11:55:24.943root 11241100x80000000000000007216711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331bacf1cdaefd5a2021-12-23 11:55:24.943root 11241100x80000000000000007216712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ad15c8da7104de2021-12-23 11:55:24.943root 11241100x80000000000000007216713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f52d817c2ea5972021-12-23 11:55:24.944root 11241100x80000000000000007216714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6a8ee998e77e082021-12-23 11:55:24.944root 11241100x80000000000000007216715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30a74e21b53188e2021-12-23 11:55:24.944root 11241100x80000000000000007216716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15226a773be109012021-12-23 11:55:24.944root 11241100x80000000000000007216717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09096b8dadf22412021-12-23 11:55:24.944root 11241100x80000000000000007216718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07344b543bf9199d2021-12-23 11:55:24.944root 11241100x80000000000000007216719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227dbdb7eca4ca862021-12-23 11:55:24.944root 11241100x80000000000000007216720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee211215e21496282021-12-23 11:55:24.944root 11241100x80000000000000007216721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f838f2c8bea84aa2021-12-23 11:55:24.944root 11241100x80000000000000007216722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef93bbd3954fbfe2021-12-23 11:55:24.944root 11241100x80000000000000007216723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2667c930f2d8282021-12-23 11:55:24.944root 11241100x80000000000000007216724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f607152c987492492021-12-23 11:55:24.944root 11241100x80000000000000007216725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c3ffac13de48482021-12-23 11:55:25.443root 11241100x80000000000000007216726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171028813ffb2a892021-12-23 11:55:25.443root 11241100x80000000000000007216727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7390867de90ad7d2021-12-23 11:55:25.443root 11241100x80000000000000007216728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a7931a1607007e2021-12-23 11:55:25.443root 11241100x80000000000000007216729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a139b4764396831f2021-12-23 11:55:25.443root 11241100x80000000000000007216730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e21a0aa3726c2b2021-12-23 11:55:25.443root 11241100x80000000000000007216731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc310de862479a62021-12-23 11:55:25.444root 11241100x80000000000000007216732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d61565cbdf84d62021-12-23 11:55:25.444root 11241100x80000000000000007216733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f306f9a5cefa65e22021-12-23 11:55:25.444root 11241100x80000000000000007216734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6c0b4cd607cfe82021-12-23 11:55:25.444root 11241100x80000000000000007216735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8c2d2c22296a5d2021-12-23 11:55:25.444root 11241100x80000000000000007216736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a320f84fc42de572021-12-23 11:55:25.444root 11241100x80000000000000007216737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2614fc84d95338362021-12-23 11:55:25.444root 11241100x80000000000000007216738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ea007798c4b23e2021-12-23 11:55:25.444root 11241100x80000000000000007216739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bec3283a479f1082021-12-23 11:55:25.444root 11241100x80000000000000007216740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127611672cf69c852021-12-23 11:55:25.444root 11241100x80000000000000007216741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d887f9dd157c6022021-12-23 11:55:25.444root 11241100x80000000000000007216742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2316d543052f25192021-12-23 11:55:25.444root 11241100x80000000000000007216743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97daf30706e055f2021-12-23 11:55:25.444root 11241100x80000000000000007216744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b2b9188e07e83a2021-12-23 11:55:25.444root 11241100x80000000000000007216745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9dcbd7ab8705f12021-12-23 11:55:25.943root 11241100x80000000000000007216746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51ea4bb43fb25532021-12-23 11:55:25.943root 11241100x80000000000000007216747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df580463ae4c47462021-12-23 11:55:25.943root 11241100x80000000000000007216748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5573a109c428499e2021-12-23 11:55:25.943root 11241100x80000000000000007216749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a1668057c915882021-12-23 11:55:25.943root 11241100x80000000000000007216750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542b36ee2b0ff5002021-12-23 11:55:25.943root 11241100x80000000000000007216751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93918b9f82b0174f2021-12-23 11:55:25.943root 11241100x80000000000000007216752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17f122c3248d6ba2021-12-23 11:55:25.943root 11241100x80000000000000007216753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f60917e28c9a1992021-12-23 11:55:25.944root 11241100x80000000000000007216754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62031e7c3aea617f2021-12-23 11:55:25.944root 11241100x80000000000000007216755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3a6c68904ceba32021-12-23 11:55:25.944root 11241100x80000000000000007216756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4224213efd899862021-12-23 11:55:25.944root 11241100x80000000000000007216757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d833e6e131ffad202021-12-23 11:55:25.944root 11241100x80000000000000007216758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7678b1f31ecb82662021-12-23 11:55:25.944root 11241100x80000000000000007216759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae4fcf8320e04ac2021-12-23 11:55:25.944root 11241100x80000000000000007216760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b545df9d6a8d7d02021-12-23 11:55:25.944root 11241100x80000000000000007216761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a35dade3a89e6232021-12-23 11:55:25.944root 11241100x80000000000000007216762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a60eeaae2dd40b2021-12-23 11:55:25.944root 11241100x80000000000000007216763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9999aaa1d0c6e1a2021-12-23 11:55:25.944root 11241100x80000000000000007216764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8523a0ad8ecab8b2021-12-23 11:55:25.944root 11241100x80000000000000007216765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b9d75adaa5989b2021-12-23 11:55:26.443root 11241100x80000000000000007216766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2410d946bbfc9e642021-12-23 11:55:26.443root 11241100x80000000000000007216767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a415a55a1836a52021-12-23 11:55:26.443root 11241100x80000000000000007216768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7a3e325e382e9c2021-12-23 11:55:26.443root 11241100x80000000000000007216769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d87712db44f96802021-12-23 11:55:26.443root 11241100x80000000000000007216770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220f724e7870140a2021-12-23 11:55:26.443root 11241100x80000000000000007216771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b06fdd5827af57d2021-12-23 11:55:26.443root 11241100x80000000000000007216772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f4e944071cdfa42021-12-23 11:55:26.443root 11241100x80000000000000007216773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cee76ffb58a2ef2021-12-23 11:55:26.444root 11241100x80000000000000007216774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f918b1afae36d1502021-12-23 11:55:26.444root 11241100x80000000000000007216775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fd8d2916a9893e2021-12-23 11:55:26.444root 11241100x80000000000000007216776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ce1117dc22f2b22021-12-23 11:55:26.444root 11241100x80000000000000007216777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5843d535332da2242021-12-23 11:55:26.444root 11241100x80000000000000007216778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7811f4803534063e2021-12-23 11:55:26.444root 11241100x80000000000000007216779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426f6fa69823ef042021-12-23 11:55:26.444root 11241100x80000000000000007216780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982bf20e07769a6d2021-12-23 11:55:26.444root 11241100x80000000000000007216781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ed62238b557f242021-12-23 11:55:26.444root 11241100x80000000000000007216782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b8a3b74cd1ec462021-12-23 11:55:26.445root 11241100x80000000000000007216783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0736008af50dda632021-12-23 11:55:26.445root 11241100x80000000000000007216784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef93cb5968b18c82021-12-23 11:55:26.445root 11241100x80000000000000007216785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77aba52d85c0a53f2021-12-23 11:55:26.943root 11241100x80000000000000007216786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3ddbe180c0cc3c2021-12-23 11:55:26.943root 11241100x80000000000000007216787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6fcae9d880ef5d2021-12-23 11:55:26.943root 11241100x80000000000000007216788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4bdef7d0cdbf052021-12-23 11:55:26.943root 11241100x80000000000000007216789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4297533092875c9c2021-12-23 11:55:26.943root 11241100x80000000000000007216790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65013320bed458a32021-12-23 11:55:26.943root 11241100x80000000000000007216791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af503278ee27b752021-12-23 11:55:26.943root 11241100x80000000000000007216792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6551b1f0653a9f2021-12-23 11:55:26.944root 11241100x80000000000000007216793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdfecabc6dc1d5f2021-12-23 11:55:26.944root 11241100x80000000000000007216794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0588e08b5127b1592021-12-23 11:55:26.944root 11241100x80000000000000007216795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca817073754c66722021-12-23 11:55:26.944root 11241100x80000000000000007216796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645f3a7bf8e995f92021-12-23 11:55:26.944root 11241100x80000000000000007216797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ca353ec81ea3522021-12-23 11:55:26.944root 11241100x80000000000000007216798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3884e4a81be2682021-12-23 11:55:26.944root 11241100x80000000000000007216799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9427c7c0322d9c2021-12-23 11:55:26.944root 11241100x80000000000000007216800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e692d19fee60132021-12-23 11:55:26.944root 11241100x80000000000000007216801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde6e6da217c93952021-12-23 11:55:26.944root 11241100x80000000000000007216802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b8ee7108f4c61e2021-12-23 11:55:26.945root 11241100x80000000000000007216803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0498dd1db453fdd12021-12-23 11:55:26.945root 11241100x80000000000000007216804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a6dc91f30c46b92021-12-23 11:55:26.945root 354300x80000000000000007216805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.090{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33852-false10.0.1.12-8000- 11241100x80000000000000007216806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72ccad184c3df772021-12-23 11:55:27.443root 11241100x80000000000000007216807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253ff1ed45f31b3c2021-12-23 11:55:27.443root 11241100x80000000000000007216808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15b2709e68c16442021-12-23 11:55:27.443root 11241100x80000000000000007216809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43612d156a9443fc2021-12-23 11:55:27.443root 11241100x80000000000000007216810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4014f3200549803c2021-12-23 11:55:27.444root 11241100x80000000000000007216811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b532c8eacca9782021-12-23 11:55:27.444root 11241100x80000000000000007216812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320cde64efb9136a2021-12-23 11:55:27.444root 11241100x80000000000000007216813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27bcea14dc3e3bd2021-12-23 11:55:27.444root 11241100x80000000000000007216814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c45ee63edc21c742021-12-23 11:55:27.444root 11241100x80000000000000007216815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a27ad98df0615802021-12-23 11:55:27.444root 11241100x80000000000000007216816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6511243d1e0b85832021-12-23 11:55:27.444root 11241100x80000000000000007216817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bb09550156992a2021-12-23 11:55:27.444root 11241100x80000000000000007216818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbc67ed3949d8e32021-12-23 11:55:27.444root 11241100x80000000000000007216819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b957dc0a59a9dab2021-12-23 11:55:27.444root 11241100x80000000000000007216820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d44fc9bacc85d132021-12-23 11:55:27.444root 11241100x80000000000000007216821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc41d733acec6c7b2021-12-23 11:55:27.444root 11241100x80000000000000007216822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2623adf638be304a2021-12-23 11:55:27.444root 11241100x80000000000000007216823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795450e301c69efd2021-12-23 11:55:27.444root 11241100x80000000000000007216824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433863043ed4e3242021-12-23 11:55:27.445root 11241100x80000000000000007216825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab26ea942567dbb2021-12-23 11:55:27.445root 11241100x80000000000000007216826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4153fbbe20fb20682021-12-23 11:55:27.445root 11241100x80000000000000007216827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d03b73b617ef7342021-12-23 11:55:27.445root 11241100x80000000000000007216828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d1edd049179c2c2021-12-23 11:55:27.943root 11241100x80000000000000007216829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa53b6571f8c9de2021-12-23 11:55:27.943root 11241100x80000000000000007216830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057b5e479cd7770a2021-12-23 11:55:27.943root 11241100x80000000000000007216831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4556fb577b089f8f2021-12-23 11:55:27.944root 11241100x80000000000000007216832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594846462dfc81212021-12-23 11:55:27.944root 11241100x80000000000000007216833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9544988624179a2021-12-23 11:55:27.944root 11241100x80000000000000007216834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9065d68cf85d26e2021-12-23 11:55:27.944root 11241100x80000000000000007216835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b1da1cdcb24c502021-12-23 11:55:27.944root 11241100x80000000000000007216836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d50b52d56f84602021-12-23 11:55:27.944root 11241100x80000000000000007216837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b49a555c09ddcd2021-12-23 11:55:27.944root 11241100x80000000000000007216838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4119e0c0047cc5d32021-12-23 11:55:27.944root 11241100x80000000000000007216839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141f0b989c66e50e2021-12-23 11:55:27.944root 11241100x80000000000000007216840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0bc4cba61a8a042021-12-23 11:55:27.944root 11241100x80000000000000007216841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f344c2bab156f192021-12-23 11:55:27.944root 11241100x80000000000000007216842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb1a2a9426681392021-12-23 11:55:27.944root 11241100x80000000000000007216843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300fabf50b37dc1f2021-12-23 11:55:27.944root 11241100x80000000000000007216844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3eed1935d027272021-12-23 11:55:27.945root 11241100x80000000000000007216845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40ec1542b1aa6692021-12-23 11:55:27.945root 11241100x80000000000000007216846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d85a2b395c5b3112021-12-23 11:55:27.945root 11241100x80000000000000007216847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1578d7c765aef532021-12-23 11:55:27.945root 11241100x80000000000000007216848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4903ac31517004652021-12-23 11:55:27.945root 11241100x80000000000000007216849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab7de09efa312782021-12-23 11:55:28.443root 11241100x80000000000000007216850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99763babb98d7e82021-12-23 11:55:28.443root 11241100x80000000000000007216851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea2e438c6b83bd22021-12-23 11:55:28.443root 11241100x80000000000000007216852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb73fed731a6322b2021-12-23 11:55:28.443root 11241100x80000000000000007216853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb75ac8028f976e2021-12-23 11:55:28.443root 11241100x80000000000000007216854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b947fe77154c64c72021-12-23 11:55:28.444root 11241100x80000000000000007216855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca75b39167e3d5a02021-12-23 11:55:28.444root 11241100x80000000000000007216856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177e724e7b18a5122021-12-23 11:55:28.444root 11241100x80000000000000007216857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad836776099248c12021-12-23 11:55:28.444root 11241100x80000000000000007216858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3661c63171cf952021-12-23 11:55:28.444root 11241100x80000000000000007216859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da7ad7fb517a0b22021-12-23 11:55:28.444root 11241100x80000000000000007216860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27ae5b2842e9ee42021-12-23 11:55:28.444root 11241100x80000000000000007216861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe2fccce30a8ac72021-12-23 11:55:28.444root 11241100x80000000000000007216862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f82a90ff02eb1f2021-12-23 11:55:28.444root 11241100x80000000000000007216863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a63efc04ce5d00c2021-12-23 11:55:28.444root 11241100x80000000000000007216864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d508b12c3f2947632021-12-23 11:55:28.444root 11241100x80000000000000007216865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1f13aa49d13cff2021-12-23 11:55:28.444root 11241100x80000000000000007216866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58ff43c06f5c5b42021-12-23 11:55:28.444root 11241100x80000000000000007216867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5b36ffe411ad692021-12-23 11:55:28.444root 11241100x80000000000000007216868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0e7ae224a5d2162021-12-23 11:55:28.444root 11241100x80000000000000007216869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e298990a1baaa4782021-12-23 11:55:28.445root 11241100x80000000000000007216870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0427d3c375e826c12021-12-23 11:55:28.943root 11241100x80000000000000007216871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee34a68c1283712d2021-12-23 11:55:28.943root 11241100x80000000000000007216872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7eb3eaa18d29ed2021-12-23 11:55:28.943root 11241100x80000000000000007216873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53a58d6c1b2bc5d2021-12-23 11:55:28.943root 11241100x80000000000000007216874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd028a41913c468e2021-12-23 11:55:28.943root 11241100x80000000000000007216875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996b4cfe68005ac32021-12-23 11:55:28.943root 11241100x80000000000000007216876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61180232cc107f12021-12-23 11:55:28.943root 11241100x80000000000000007216877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a270d388358a0f962021-12-23 11:55:28.943root 11241100x80000000000000007216878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07074e0863bfbf92021-12-23 11:55:28.943root 11241100x80000000000000007216879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924734a232976cdf2021-12-23 11:55:28.943root 11241100x80000000000000007216880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c281f63fdda1b9d2021-12-23 11:55:28.944root 11241100x80000000000000007216881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7687b766e57be72c2021-12-23 11:55:28.944root 11241100x80000000000000007216882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7e449f2323b1222021-12-23 11:55:28.944root 11241100x80000000000000007216883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df57f42644d9659f2021-12-23 11:55:28.944root 11241100x80000000000000007216884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7f321a0e49b8592021-12-23 11:55:28.944root 11241100x80000000000000007216885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c0baa2ae8ea0da2021-12-23 11:55:28.944root 11241100x80000000000000007216886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f722dbe6bb1919e2021-12-23 11:55:28.944root 11241100x80000000000000007216887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac95fc32c0e47692021-12-23 11:55:28.944root 11241100x80000000000000007216888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070699ee25e5c2702021-12-23 11:55:28.944root 11241100x80000000000000007216889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab408199b01e9302021-12-23 11:55:28.944root 11241100x80000000000000007216890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac55a3bcc91e89132021-12-23 11:55:28.944root 11241100x80000000000000007216891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e170f720f2b3722021-12-23 11:55:28.944root 11241100x80000000000000007216892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72846ef32ca0465e2021-12-23 11:55:29.443root 11241100x80000000000000007216893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54326be03466b0782021-12-23 11:55:29.443root 11241100x80000000000000007216894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f6fce8d52af0de2021-12-23 11:55:29.443root 11241100x80000000000000007216895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b544b975e344122021-12-23 11:55:29.443root 11241100x80000000000000007216896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280d0e1f1022cce82021-12-23 11:55:29.443root 11241100x80000000000000007216897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56c2ca30031f7362021-12-23 11:55:29.444root 11241100x80000000000000007216898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85039234273d467c2021-12-23 11:55:29.444root 11241100x80000000000000007216899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2f4142075eb2dc2021-12-23 11:55:29.444root 11241100x80000000000000007216900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49f25c3ce486a472021-12-23 11:55:29.444root 11241100x80000000000000007216901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782862253037dd242021-12-23 11:55:29.444root 11241100x80000000000000007216902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc40dcbee25485cc2021-12-23 11:55:29.444root 11241100x80000000000000007216903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ad52c759019ee52021-12-23 11:55:29.444root 11241100x80000000000000007216904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1945c266e8a67fe22021-12-23 11:55:29.444root 11241100x80000000000000007216905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4023e4b5b423bfb32021-12-23 11:55:29.444root 11241100x80000000000000007216906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f058563c04e95ec12021-12-23 11:55:29.444root 11241100x80000000000000007216907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1134a016063a885e2021-12-23 11:55:29.444root 11241100x80000000000000007216908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebbdf7e408891022021-12-23 11:55:29.444root 11241100x80000000000000007216909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2056c5472353a652021-12-23 11:55:29.444root 11241100x80000000000000007216910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f69ee3f62f646bc2021-12-23 11:55:29.444root 11241100x80000000000000007216911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135cdc67f402d4522021-12-23 11:55:29.445root 11241100x80000000000000007216912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a16ac308e41f0c2021-12-23 11:55:29.445root 11241100x80000000000000007216913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7dfd35cdeee63a52021-12-23 11:55:29.943root 11241100x80000000000000007216914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e836eef0aab479952021-12-23 11:55:29.943root 11241100x80000000000000007216915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3860a0b4f80dfb072021-12-23 11:55:29.943root 11241100x80000000000000007216916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d2577d3e23724c2021-12-23 11:55:29.943root 11241100x80000000000000007216917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d4d42708c41dae2021-12-23 11:55:29.943root 11241100x80000000000000007216918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05ecf22fb5bdc662021-12-23 11:55:29.944root 11241100x80000000000000007216919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154f35967a41a7282021-12-23 11:55:29.944root 11241100x80000000000000007216920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec61c19161639702021-12-23 11:55:29.944root 11241100x80000000000000007216921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7be4572ecec68422021-12-23 11:55:29.944root 11241100x80000000000000007216922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3918c055a31fc64e2021-12-23 11:55:29.944root 11241100x80000000000000007216923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bd899f6588021d2021-12-23 11:55:29.944root 11241100x80000000000000007216924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9f63bcf29b55222021-12-23 11:55:29.944root 11241100x80000000000000007216925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0e52de8d9038922021-12-23 11:55:29.944root 11241100x80000000000000007216926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065428a266915bd92021-12-23 11:55:29.944root 11241100x80000000000000007216927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb19a8d81216b552021-12-23 11:55:29.944root 11241100x80000000000000007216928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a5e148d2a70e3b2021-12-23 11:55:29.944root 11241100x80000000000000007216929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd9f7f229868a652021-12-23 11:55:29.944root 11241100x80000000000000007216930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7820456c100a3c9f2021-12-23 11:55:29.945root 11241100x80000000000000007216931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8af533f15097e5b2021-12-23 11:55:29.945root 11241100x80000000000000007216932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf598ad11d94cf2a2021-12-23 11:55:29.945root 11241100x80000000000000007216933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cef0ce0ed2ae0972021-12-23 11:55:29.945root 11241100x80000000000000007216934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d1b7191dd993aa2021-12-23 11:55:29.945root 11241100x80000000000000007216935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b5de8fc68ef4572021-12-23 11:55:29.945root 11241100x80000000000000007216936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20711c02cf83c9eb2021-12-23 11:55:29.945root 11241100x80000000000000007216937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15a23033c2a03da2021-12-23 11:55:29.945root 11241100x80000000000000007216938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.141{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-23 11:55:30.141root 11241100x80000000000000007216939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962ae13fe9f1b5462021-12-23 11:55:30.443root 11241100x80000000000000007216940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d70f17c801f8b42021-12-23 11:55:30.443root 11241100x80000000000000007216941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db41008186f035382021-12-23 11:55:30.443root 11241100x80000000000000007216942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633a0147eefc96bd2021-12-23 11:55:30.443root 11241100x80000000000000007216943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffba45fff4f247492021-12-23 11:55:30.443root 11241100x80000000000000007216944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7869a57bbdc0492021-12-23 11:55:30.444root 11241100x80000000000000007216945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce79f16cc09a8122021-12-23 11:55:30.444root 11241100x80000000000000007216946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199993aaffea19062021-12-23 11:55:30.444root 11241100x80000000000000007216947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3441cad8a97c44c62021-12-23 11:55:30.444root 11241100x80000000000000007216948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bdb7e5ae217b5a2021-12-23 11:55:30.444root 11241100x80000000000000007216949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e86bd9a603dd7582021-12-23 11:55:30.444root 11241100x80000000000000007216950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4917e3fdd663aad22021-12-23 11:55:30.444root 11241100x80000000000000007216951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbffcc65943a06d2021-12-23 11:55:30.444root 11241100x80000000000000007216952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62bccf494ee255e2021-12-23 11:55:30.444root 11241100x80000000000000007216953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9279021517df9e2021-12-23 11:55:30.444root 11241100x80000000000000007216954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ff083013db018e2021-12-23 11:55:30.444root 11241100x80000000000000007216955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b365f68f1078ef1c2021-12-23 11:55:30.444root 11241100x80000000000000007216956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486c350dd138fe972021-12-23 11:55:30.444root 11241100x80000000000000007216957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ab84be19d20d062021-12-23 11:55:30.444root 11241100x80000000000000007216958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c80015e6bf64f92021-12-23 11:55:30.444root 11241100x80000000000000007216959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e152d0b79995bca92021-12-23 11:55:30.445root 11241100x80000000000000007216960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d3c7156b46b1922021-12-23 11:55:30.445root 11241100x80000000000000007216961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b149c0b4dd33763b2021-12-23 11:55:30.943root 11241100x80000000000000007216962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b604ad4dfefc41c92021-12-23 11:55:30.943root 11241100x80000000000000007216963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534c38896a5d9aca2021-12-23 11:55:30.943root 11241100x80000000000000007216964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60df2378ac9d07d2021-12-23 11:55:30.943root 11241100x80000000000000007216965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5d0fd97ab723f92021-12-23 11:55:30.943root 11241100x80000000000000007216966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb00f0f03055cc62021-12-23 11:55:30.943root 11241100x80000000000000007216967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8133876b8b2d532021-12-23 11:55:30.944root 11241100x80000000000000007216968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a819b9299afc36f92021-12-23 11:55:30.944root 11241100x80000000000000007216969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6d7749b15a2cab2021-12-23 11:55:30.944root 11241100x80000000000000007216970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9b7c6034cde6ec2021-12-23 11:55:30.944root 11241100x80000000000000007216971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2e38d88400c36b2021-12-23 11:55:30.944root 11241100x80000000000000007216972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c97fe970fc8b4a2021-12-23 11:55:30.944root 11241100x80000000000000007216973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e895b66e4e7ff22021-12-23 11:55:30.944root 11241100x80000000000000007216974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a297a5010209d3c02021-12-23 11:55:30.944root 11241100x80000000000000007216975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6146e0bedba7ea2021-12-23 11:55:30.944root 11241100x80000000000000007216976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d46c5acea6fa8212021-12-23 11:55:30.944root 11241100x80000000000000007216977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4425b26f0e5f37e62021-12-23 11:55:30.944root 11241100x80000000000000007216978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f19d95875aee082021-12-23 11:55:30.944root 11241100x80000000000000007216979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff9283b0f11c8b92021-12-23 11:55:30.944root 11241100x80000000000000007216980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0e6b274ba7da902021-12-23 11:55:30.944root 11241100x80000000000000007216981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b165c6114cdcf3aa2021-12-23 11:55:30.944root 11241100x80000000000000007216982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7c433743097b542021-12-23 11:55:30.944root 11241100x80000000000000007216983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e369c85dcd0d46092021-12-23 11:55:31.443root 11241100x80000000000000007216984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba7cdd19e4d40202021-12-23 11:55:31.443root 11241100x80000000000000007216985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a07550550b2d2da2021-12-23 11:55:31.443root 11241100x80000000000000007216986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2d03c01e90d68e2021-12-23 11:55:31.443root 11241100x80000000000000007216987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784f25d7ee016a432021-12-23 11:55:31.443root 11241100x80000000000000007216988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4edfa4efacc8572021-12-23 11:55:31.443root 11241100x80000000000000007216989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e204668c716ba1b92021-12-23 11:55:31.443root 11241100x80000000000000007216990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435440ccaed35c782021-12-23 11:55:31.443root 11241100x80000000000000007216991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecde128fe4629d42021-12-23 11:55:31.443root 11241100x80000000000000007216992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7b89ad280b47cf2021-12-23 11:55:31.443root 11241100x80000000000000007216993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc3add0a35faddc2021-12-23 11:55:31.444root 11241100x80000000000000007216994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c5ff72a5fb28d42021-12-23 11:55:31.444root 11241100x80000000000000007216995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77e80287d153afb2021-12-23 11:55:31.444root 11241100x80000000000000007216996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f759e6caae98a972021-12-23 11:55:31.444root 11241100x80000000000000007216997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29136283c4f27c602021-12-23 11:55:31.444root 11241100x80000000000000007216998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba0a1531087dcfb2021-12-23 11:55:31.444root 11241100x80000000000000007216999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49578899b1572c1c2021-12-23 11:55:31.444root 11241100x80000000000000007217000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5581f4f928762922021-12-23 11:55:31.444root 11241100x80000000000000007217001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c46ecc447d37c182021-12-23 11:55:31.444root 11241100x80000000000000007217002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18eca1de04a90da2021-12-23 11:55:31.444root 11241100x80000000000000007217003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f06a6fd6febc312021-12-23 11:55:31.444root 11241100x80000000000000007217004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c774cd4575586312021-12-23 11:55:31.444root 11241100x80000000000000007217005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923481a4707d64752021-12-23 11:55:31.444root 11241100x80000000000000007217006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6570e911aee717b2021-12-23 11:55:31.444root 11241100x80000000000000007217007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7824eaa6cd5e9adb2021-12-23 11:55:31.444root 11241100x80000000000000007217008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d6ea345680c6892021-12-23 11:55:31.444root 11241100x80000000000000007217009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b4b83e343c8b0a2021-12-23 11:55:31.445root 11241100x80000000000000007217010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d536dae1fe29ee2021-12-23 11:55:31.445root 11241100x80000000000000007217011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784e3d550fd0fbd12021-12-23 11:55:31.445root 11241100x80000000000000007217012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084e5f3b887bd4b82021-12-23 11:55:31.445root 11241100x80000000000000007217013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41395491deafdb632021-12-23 11:55:31.445root 11241100x80000000000000007217014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0ccd883be2d8402021-12-23 11:55:31.445root 11241100x80000000000000007217015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa784059bfb83a542021-12-23 11:55:31.445root 11241100x80000000000000007217016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057c9b1fe0bd1bc12021-12-23 11:55:31.445root 11241100x80000000000000007217017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abc0fa70e157fd32021-12-23 11:55:31.445root 11241100x80000000000000007217018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2088773a9d686db2021-12-23 11:55:31.445root 11241100x80000000000000007217019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeba09e52694a0312021-12-23 11:55:31.445root 11241100x80000000000000007217020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29174d06fed4fa392021-12-23 11:55:31.445root 11241100x80000000000000007217021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922415c438432ce72021-12-23 11:55:31.445root 11241100x80000000000000007217022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26a0e11427653f12021-12-23 11:55:31.445root 11241100x80000000000000007217023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490a97897db095cd2021-12-23 11:55:31.445root 11241100x80000000000000007217024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b66af47cf6094322021-12-23 11:55:31.445root 11241100x80000000000000007217025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdf353566d31d502021-12-23 11:55:31.446root 11241100x80000000000000007217026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb820c45bd0eb0a12021-12-23 11:55:31.446root 11241100x80000000000000007217027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8c7619e5383a1e2021-12-23 11:55:31.446root 11241100x80000000000000007217028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c00ca5e72fdde52021-12-23 11:55:31.446root 11241100x80000000000000007217029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b7aade50743f022021-12-23 11:55:31.446root 11241100x80000000000000007217030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c7a1722065e6532021-12-23 11:55:31.447root 11241100x80000000000000007217031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c9a438ecf769a62021-12-23 11:55:31.447root 11241100x80000000000000007217032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e010f89dec51a9212021-12-23 11:55:31.447root 11241100x80000000000000007217033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56f2e85892d37ae2021-12-23 11:55:31.447root 11241100x80000000000000007217034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9cd9ea41a19deb2021-12-23 11:55:31.447root 11241100x80000000000000007217035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc6f97e2e49da2a2021-12-23 11:55:31.447root 11241100x80000000000000007217036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70101180ec594d52021-12-23 11:55:31.447root 11241100x80000000000000007217037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb5b818d5815ca72021-12-23 11:55:31.447root 11241100x80000000000000007217038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e25c4748e1daa12021-12-23 11:55:31.447root 11241100x80000000000000007217039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3267caefa9ddc122021-12-23 11:55:31.447root 11241100x80000000000000007217040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf6db216524dd1a2021-12-23 11:55:31.447root 11241100x80000000000000007217041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b6f48d18a4c5992021-12-23 11:55:31.448root 11241100x80000000000000007217042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5877e3c28e802822021-12-23 11:55:31.448root 11241100x80000000000000007217043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a292270cfa00a682021-12-23 11:55:31.448root 11241100x80000000000000007217044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e05c32e7da25462021-12-23 11:55:31.448root 11241100x80000000000000007217045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61de2820cb192a642021-12-23 11:55:31.448root 11241100x80000000000000007217046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a6198064d63e032021-12-23 11:55:31.448root 11241100x80000000000000007217047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d391260d712fb62021-12-23 11:55:31.448root 11241100x80000000000000007217048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d51e9f83091ff9b2021-12-23 11:55:31.448root 11241100x80000000000000007217049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5843ec7e67980f2021-12-23 11:55:31.943root 11241100x80000000000000007217050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6848fb0410a216a02021-12-23 11:55:31.943root 11241100x80000000000000007217051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f767f19a50a0132021-12-23 11:55:31.943root 11241100x80000000000000007217052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87951c021e6480d2021-12-23 11:55:31.944root 11241100x80000000000000007217053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223ea185442634862021-12-23 11:55:31.944root 11241100x80000000000000007217054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b11f38917e26152021-12-23 11:55:31.944root 11241100x80000000000000007217055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859a779b21914e102021-12-23 11:55:31.944root 11241100x80000000000000007217056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183e304940dcb6372021-12-23 11:55:31.944root 11241100x80000000000000007217057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990f04c4c8ecffa52021-12-23 11:55:31.944root 11241100x80000000000000007217058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f4a48cd10d54112021-12-23 11:55:31.944root 11241100x80000000000000007217059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5fdb891a84ae342021-12-23 11:55:31.944root 11241100x80000000000000007217060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a15b2a7bec89af52021-12-23 11:55:31.944root 11241100x80000000000000007217061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7f88c1cc92a0642021-12-23 11:55:31.945root 11241100x80000000000000007217062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3df8a914aae9ec2021-12-23 11:55:31.945root 11241100x80000000000000007217063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836f44719990d6202021-12-23 11:55:31.945root 11241100x80000000000000007217064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9421002212410f2021-12-23 11:55:31.945root 11241100x80000000000000007217065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283bcbb3d58785632021-12-23 11:55:31.945root 11241100x80000000000000007217066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a579ca86eb2e0ef2021-12-23 11:55:31.945root 11241100x80000000000000007217067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d999413a37e0f282021-12-23 11:55:31.946root 11241100x80000000000000007217068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e02fc9260e5ab9b2021-12-23 11:55:31.946root 11241100x80000000000000007217069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc2fcce99e0d9842021-12-23 11:55:31.946root 11241100x80000000000000007217070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a48526ba6e08e12021-12-23 11:55:31.946root 354300x80000000000000007217071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.150{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33854-false10.0.1.12-8000- 11241100x80000000000000007217072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359b0bd95a1d0ae92021-12-23 11:55:32.443root 11241100x80000000000000007217073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8ce8f311f2e43f2021-12-23 11:55:32.443root 11241100x80000000000000007217074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad31fe9eeac54652021-12-23 11:55:32.443root 11241100x80000000000000007217075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42499ec3eaa197862021-12-23 11:55:32.443root 11241100x80000000000000007217076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303cd2793bc524e32021-12-23 11:55:32.443root 11241100x80000000000000007217077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da5dc8eb89f242a2021-12-23 11:55:32.444root 11241100x80000000000000007217078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d05f73864b610b2021-12-23 11:55:32.444root 11241100x80000000000000007217079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dd2d4409896afb2021-12-23 11:55:32.444root 11241100x80000000000000007217080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17464bf1f11e474f2021-12-23 11:55:32.444root 11241100x80000000000000007217081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fb9e06e9dd4e392021-12-23 11:55:32.444root 11241100x80000000000000007217082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45323077d3a825022021-12-23 11:55:32.444root 11241100x80000000000000007217083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221a1a4796423a7e2021-12-23 11:55:32.445root 11241100x80000000000000007217084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3475a7cde570e93e2021-12-23 11:55:32.445root 11241100x80000000000000007217085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d8c709e640fbe32021-12-23 11:55:32.445root 11241100x80000000000000007217086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ad4eeed3b6a2ac2021-12-23 11:55:32.445root 11241100x80000000000000007217087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199fca327fa087462021-12-23 11:55:32.445root 11241100x80000000000000007217088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d38feb4a30a6b52021-12-23 11:55:32.445root 11241100x80000000000000007217089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfaa68598313752d2021-12-23 11:55:32.445root 11241100x80000000000000007217090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54793fc2fae2e2222021-12-23 11:55:32.446root 11241100x80000000000000007217091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f03e7a4f3667392021-12-23 11:55:32.446root 11241100x80000000000000007217092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f1e5827dc98a2d2021-12-23 11:55:32.446root 11241100x80000000000000007217093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b2d6d69f15c9c42021-12-23 11:55:32.446root 11241100x80000000000000007217094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1e2a90c4282fa72021-12-23 11:55:32.446root 11241100x80000000000000007217095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9749691097f783d2021-12-23 11:55:32.943root 11241100x80000000000000007217096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dba3de6aba32fb2021-12-23 11:55:32.943root 11241100x80000000000000007217097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a70201110ef9f62021-12-23 11:55:32.944root 11241100x80000000000000007217098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa71b391758c52f2021-12-23 11:55:32.944root 11241100x80000000000000007217099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f324116824d24a1a2021-12-23 11:55:32.944root 11241100x80000000000000007217100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad9501fcde1b3b12021-12-23 11:55:32.944root 11241100x80000000000000007217101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6696dac8cedfd1242021-12-23 11:55:32.944root 11241100x80000000000000007217102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea2e5ebda87e2b72021-12-23 11:55:32.945root 11241100x80000000000000007217103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a080428357410c2021-12-23 11:55:32.945root 11241100x80000000000000007217104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5426c84ee46cb4aa2021-12-23 11:55:32.945root 11241100x80000000000000007217105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f162dd8a1196092021-12-23 11:55:32.945root 11241100x80000000000000007217106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3866c79782c362d2021-12-23 11:55:32.945root 11241100x80000000000000007217107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03512097dd073d8d2021-12-23 11:55:32.945root 11241100x80000000000000007217108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9798115cd838732021-12-23 11:55:32.945root 11241100x80000000000000007217109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9805a0bbe21a62862021-12-23 11:55:32.946root 11241100x80000000000000007217110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc19b5919550b482021-12-23 11:55:32.946root 11241100x80000000000000007217111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1a8828d4cabf462021-12-23 11:55:32.946root 11241100x80000000000000007217112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c789b0d654ce972021-12-23 11:55:32.946root 11241100x80000000000000007217113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fe9b92bac738cf2021-12-23 11:55:32.946root 11241100x80000000000000007217114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1670b760de02512021-12-23 11:55:32.946root 11241100x80000000000000007217115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc43c8729d8ba2682021-12-23 11:55:32.947root 11241100x80000000000000007217116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ada47b15ef59efc2021-12-23 11:55:32.947root 11241100x80000000000000007217117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803ef911e73f9bc52021-12-23 11:55:32.947root 23542300x80000000000000007217118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000007217119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155c94805f9080b52021-12-23 11:55:33.443root 11241100x80000000000000007217120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8551bdc502870c3f2021-12-23 11:55:33.443root 11241100x80000000000000007217121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d00ac2bd6c18ceb2021-12-23 11:55:33.443root 11241100x80000000000000007217122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97f2fbc5dc07d222021-12-23 11:55:33.443root 11241100x80000000000000007217123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f16abce86f874be2021-12-23 11:55:33.444root 11241100x80000000000000007217124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30270f984da361cf2021-12-23 11:55:33.444root 11241100x80000000000000007217125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936c26909f50fe782021-12-23 11:55:33.444root 11241100x80000000000000007217126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f962254eb65ac422021-12-23 11:55:33.444root 11241100x80000000000000007217127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95b358f056ee6fd2021-12-23 11:55:33.444root 11241100x80000000000000007217128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd78e3e7278bc2e2021-12-23 11:55:33.444root 11241100x80000000000000007217129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fb7ad97436df392021-12-23 11:55:33.444root 11241100x80000000000000007217130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f78de0d2ca833a2021-12-23 11:55:33.444root 11241100x80000000000000007217131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7705d6055ce2ff02021-12-23 11:55:33.444root 11241100x80000000000000007217132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016a482e9293fe142021-12-23 11:55:33.444root 11241100x80000000000000007217133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde622c42a62cdfb2021-12-23 11:55:33.444root 11241100x80000000000000007217134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588a30396255363b2021-12-23 11:55:33.445root 11241100x80000000000000007217135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbc24e431f9d3ec2021-12-23 11:55:33.445root 11241100x80000000000000007217136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834365b0afb7b1ff2021-12-23 11:55:33.445root 11241100x80000000000000007217137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22834efe1ae8cfc02021-12-23 11:55:33.445root 11241100x80000000000000007217138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af6cf7acdc24f072021-12-23 11:55:33.445root 11241100x80000000000000007217139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39470f7c77739bfc2021-12-23 11:55:33.445root 11241100x80000000000000007217140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57a4ba87585a22e2021-12-23 11:55:33.445root 11241100x80000000000000007217141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde0692445326a262021-12-23 11:55:33.445root 11241100x80000000000000007217142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052f90f6bc9ad4ad2021-12-23 11:55:33.445root 11241100x80000000000000007217143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25160d7c4e23dff72021-12-23 11:55:33.445root 11241100x80000000000000007217144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2bcea4193ec77e2021-12-23 11:55:33.446root 11241100x80000000000000007217145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0f60dd8f181ff92021-12-23 11:55:33.943root 11241100x80000000000000007217146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93984858f6c3d2882021-12-23 11:55:33.943root 11241100x80000000000000007217147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4be67c4bd6b267f2021-12-23 11:55:33.943root 11241100x80000000000000007217148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629cd2017f46f5da2021-12-23 11:55:33.943root 11241100x80000000000000007217149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70dab6318d41cb92021-12-23 11:55:33.944root 11241100x80000000000000007217150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f102bf67db4aea2021-12-23 11:55:33.944root 11241100x80000000000000007217151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56312d14455fb3a52021-12-23 11:55:33.944root 11241100x80000000000000007217152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0877cae96df343c72021-12-23 11:55:33.944root 11241100x80000000000000007217153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c5bbdb4defda5a2021-12-23 11:55:33.944root 11241100x80000000000000007217154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d74fd29bf867ae2021-12-23 11:55:33.944root 11241100x80000000000000007217155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd64f9060cf5e1b2021-12-23 11:55:33.944root 11241100x80000000000000007217156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecbf9eac1a279be2021-12-23 11:55:33.944root 11241100x80000000000000007217157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bbe8b5021f09f22021-12-23 11:55:33.944root 11241100x80000000000000007217158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c708c9be28928f4a2021-12-23 11:55:33.944root 11241100x80000000000000007217159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b6e49671b5b3f42021-12-23 11:55:33.945root 11241100x80000000000000007217160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4189f7818494a4912021-12-23 11:55:33.945root 11241100x80000000000000007217161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68c09f546c11aba2021-12-23 11:55:33.945root 11241100x80000000000000007217162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54df36400e699ca2021-12-23 11:55:33.945root 11241100x80000000000000007217163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d940aaa82afd72e12021-12-23 11:55:33.945root 11241100x80000000000000007217164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e15c77e83ea437d2021-12-23 11:55:33.945root 11241100x80000000000000007217165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2c89ac6dbf01062021-12-23 11:55:33.945root 11241100x80000000000000007217166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac078c1e0718f6242021-12-23 11:55:33.945root 11241100x80000000000000007217167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a727908046ca94392021-12-23 11:55:33.945root 11241100x80000000000000007217168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d48686be547e322021-12-23 11:55:33.945root 11241100x80000000000000007217169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6752fb51d930652021-12-23 11:55:34.443root 11241100x80000000000000007217170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cd60537a14f63d2021-12-23 11:55:34.443root 11241100x80000000000000007217171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabfccf17f5d7cf52021-12-23 11:55:34.443root 11241100x80000000000000007217172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cadeb40ee1df612021-12-23 11:55:34.444root 11241100x80000000000000007217173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e868e549a2cb3dd2021-12-23 11:55:34.444root 11241100x80000000000000007217174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dd78547616cf762021-12-23 11:55:34.444root 11241100x80000000000000007217175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df832979a1788cea2021-12-23 11:55:34.444root 11241100x80000000000000007217176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee04ed42cfa54a52021-12-23 11:55:34.444root 11241100x80000000000000007217177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1660c7d59b90b1c32021-12-23 11:55:34.444root 11241100x80000000000000007217178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e66d5be4a1460ad2021-12-23 11:55:34.444root 11241100x80000000000000007217179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fb26e2210f44662021-12-23 11:55:34.444root 11241100x80000000000000007217180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5de886d9de570862021-12-23 11:55:34.444root 11241100x80000000000000007217181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1028f56a4abffe2021-12-23 11:55:34.444root 11241100x80000000000000007217182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b37d15c299dde82021-12-23 11:55:34.445root 11241100x80000000000000007217183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5215a0aaef10202021-12-23 11:55:34.445root 11241100x80000000000000007217184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354cb750cdf9c2a02021-12-23 11:55:34.445root 11241100x80000000000000007217185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95a74e1e76fab4b2021-12-23 11:55:34.445root 11241100x80000000000000007217186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a3ee0c460644362021-12-23 11:55:34.445root 11241100x80000000000000007217187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd455420e6dcc3652021-12-23 11:55:34.445root 11241100x80000000000000007217188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd3e7b2ee8722c32021-12-23 11:55:34.445root 11241100x80000000000000007217189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28bb332e3bac8132021-12-23 11:55:34.445root 11241100x80000000000000007217190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31099598c5468cb2021-12-23 11:55:34.445root 11241100x80000000000000007217191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fc850217bef3362021-12-23 11:55:34.445root 11241100x80000000000000007217192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5303c114eb5bf6652021-12-23 11:55:34.445root 11241100x80000000000000007217193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8aae5d3c9cc67b2021-12-23 11:55:34.943root 11241100x80000000000000007217194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7079bee5a2aa4b7d2021-12-23 11:55:34.943root 11241100x80000000000000007217195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee9b3241242bc622021-12-23 11:55:34.943root 11241100x80000000000000007217196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae585afa4dc16132021-12-23 11:55:34.943root 11241100x80000000000000007217197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5beb83c79e653ae2021-12-23 11:55:34.943root 11241100x80000000000000007217198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49c20c9b2a939032021-12-23 11:55:34.943root 11241100x80000000000000007217199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c796d1d3eb93172b2021-12-23 11:55:34.943root 11241100x80000000000000007217200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4130c84ed6df9d362021-12-23 11:55:34.943root 11241100x80000000000000007217201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4523d43bae88c62021-12-23 11:55:34.944root 11241100x80000000000000007217202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f4ad69e342e6b02021-12-23 11:55:34.944root 11241100x80000000000000007217203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342fa2170f3b635c2021-12-23 11:55:34.945root 11241100x80000000000000007217204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96c4ed3caa9328d2021-12-23 11:55:34.945root 11241100x80000000000000007217205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f293b0577b42872021-12-23 11:55:34.945root 11241100x80000000000000007217206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663e0b2c37eae0cb2021-12-23 11:55:34.945root 11241100x80000000000000007217207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3495ef712799e32021-12-23 11:55:34.945root 11241100x80000000000000007217208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5492ea88cf62f62021-12-23 11:55:34.945root 11241100x80000000000000007217209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e3d189e93c3ecf2021-12-23 11:55:34.945root 11241100x80000000000000007217210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348fddb4e4e452092021-12-23 11:55:34.945root 11241100x80000000000000007217211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9231a245ce1170d02021-12-23 11:55:34.945root 11241100x80000000000000007217212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c5f89d438292592021-12-23 11:55:34.945root 11241100x80000000000000007217213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678d33e216a63a552021-12-23 11:55:34.945root 11241100x80000000000000007217214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab306e8ffe4a5302021-12-23 11:55:34.945root 11241100x80000000000000007217215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000a2b6524da95732021-12-23 11:55:34.946root 11241100x80000000000000007217216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f938eb9cf662f70f2021-12-23 11:55:34.946root 11241100x80000000000000007217217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2fba8aa962d3a72021-12-23 11:55:34.946root 11241100x80000000000000007217218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c09c6c3f70686d2021-12-23 11:55:34.946root 11241100x80000000000000007217219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d667eb6201e5c2712021-12-23 11:55:34.946root 11241100x80000000000000007217220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37815953e6c1a38e2021-12-23 11:55:34.946root 11241100x80000000000000007217221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc9f831735aba482021-12-23 11:55:34.946root 11241100x80000000000000007217222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029ecb54ba5e8a202021-12-23 11:55:34.946root 11241100x80000000000000007217223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746176de942478252021-12-23 11:55:34.946root 11241100x80000000000000007217224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4aa99e2e8f9ddae2021-12-23 11:55:34.946root 11241100x80000000000000007217225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de588091924d4e52021-12-23 11:55:34.946root 11241100x80000000000000007217226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599ef4eefca0e3cf2021-12-23 11:55:34.947root 11241100x80000000000000007217227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec16582fe4b1382b2021-12-23 11:55:34.947root 11241100x80000000000000007217228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a7d627bf6de46f2021-12-23 11:55:34.947root 11241100x80000000000000007217229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9b5f819bf5ec682021-12-23 11:55:34.947root 11241100x80000000000000007217230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5a7ecd87eb5c272021-12-23 11:55:34.947root 11241100x80000000000000007217231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd8abcfa5bd8cf82021-12-23 11:55:34.947root 11241100x80000000000000007217232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a179f15d6be252df2021-12-23 11:55:34.947root 11241100x80000000000000007217233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a594823ae269d6832021-12-23 11:55:34.947root 11241100x80000000000000007217234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbb55e36ff1b13a2021-12-23 11:55:34.947root 11241100x80000000000000007217235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db97c7a98acaab5c2021-12-23 11:55:34.948root 11241100x80000000000000007217236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f0e14234bf257d2021-12-23 11:55:34.948root 11241100x80000000000000007217237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ee1185f908de432021-12-23 11:55:34.948root 11241100x80000000000000007217238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cea933afc678c832021-12-23 11:55:34.948root 11241100x80000000000000007217239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95f7886327eab282021-12-23 11:55:34.948root 11241100x80000000000000007217240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf712e16aab6a6922021-12-23 11:55:34.948root 11241100x80000000000000007217241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cec80bc8ed2a8e2021-12-23 11:55:34.948root 11241100x80000000000000007217242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35fa43582c0beae2021-12-23 11:55:34.948root 11241100x80000000000000007217243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e762748b39c0a92021-12-23 11:55:34.948root 11241100x80000000000000007217244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c924f7da42a8ce2e2021-12-23 11:55:34.948root 11241100x80000000000000007217245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a304bb661d4f8b52021-12-23 11:55:34.948root 11241100x80000000000000007217246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232d3acac74b74cd2021-12-23 11:55:34.948root 11241100x80000000000000007217247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09db74709d2eed992021-12-23 11:55:34.949root 11241100x80000000000000007217248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b3aca167b0f4e92021-12-23 11:55:34.949root 11241100x80000000000000007217249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d548ef7216c9c62021-12-23 11:55:34.949root 154100x80000000000000007217250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.112{ec2b6afe-63b7-61c4-68b4-55e149560000}5077/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x80000000000000007217251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.124{ec2b6afe-63b7-61c4-68b4-55e149560000}5077/bin/psroot 11241100x80000000000000007217252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fddcf9b7842015a2021-12-23 11:55:35.443root 11241100x80000000000000007217253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f210ef6dbae60a2021-12-23 11:55:35.443root 11241100x80000000000000007217254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc68f49421b060c2021-12-23 11:55:35.443root 11241100x80000000000000007217255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a790125589d161d2021-12-23 11:55:35.443root 11241100x80000000000000007217256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afabfc03fe328062021-12-23 11:55:35.443root 11241100x80000000000000007217257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f0ab218c440e9c2021-12-23 11:55:35.443root 11241100x80000000000000007217258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3ac843bea36e852021-12-23 11:55:35.443root 11241100x80000000000000007217259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fee8fb319a7cd02021-12-23 11:55:35.443root 11241100x80000000000000007217260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44b74d7ed4a841d2021-12-23 11:55:35.443root 11241100x80000000000000007217261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821921222ef8bfc82021-12-23 11:55:35.443root 11241100x80000000000000007217262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd8a1483b4ebbd12021-12-23 11:55:35.444root 11241100x80000000000000007217263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5863b5278dd4bbe62021-12-23 11:55:35.444root 11241100x80000000000000007217264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9de44e8a7792bc22021-12-23 11:55:35.444root 11241100x80000000000000007217265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aa72d3b398ce632021-12-23 11:55:35.444root 11241100x80000000000000007217266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052c24002f55c97d2021-12-23 11:55:35.444root 11241100x80000000000000007217267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cf669d992aac0e2021-12-23 11:55:35.444root 11241100x80000000000000007217268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b80830eb3da76072021-12-23 11:55:35.444root 11241100x80000000000000007217269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d53f100269b78e82021-12-23 11:55:35.444root 11241100x80000000000000007217270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d9929bb7432e7d2021-12-23 11:55:35.444root 11241100x80000000000000007217271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8feaa7c8116007c92021-12-23 11:55:35.444root 11241100x80000000000000007217272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a349f9edbbff7f32021-12-23 11:55:35.444root 11241100x80000000000000007217273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530ae4570b4a7e872021-12-23 11:55:35.445root 11241100x80000000000000007217274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5006d6f4355999422021-12-23 11:55:35.445root 11241100x80000000000000007217275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f609a0e063bd9b692021-12-23 11:55:35.445root 11241100x80000000000000007217276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d692691a8f1ca1ae2021-12-23 11:55:35.445root 11241100x80000000000000007217277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9083d2a8115dbce12021-12-23 11:55:35.445root 11241100x80000000000000007217278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aeb36dc0abae4422021-12-23 11:55:35.445root 11241100x80000000000000007217279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2d40be10d54a3a2021-12-23 11:55:35.445root 11241100x80000000000000007217280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4830bbf90eb528bb2021-12-23 11:55:35.445root 11241100x80000000000000007217281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e836af8ac8bdbae2021-12-23 11:55:35.445root 11241100x80000000000000007217282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc049e843b97f982021-12-23 11:55:35.445root 11241100x80000000000000007217283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0afda6a9f5551662021-12-23 11:55:35.445root 11241100x80000000000000007217284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1813c1aa5adf94a62021-12-23 11:55:35.445root 11241100x80000000000000007217285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db67fb82b3098612021-12-23 11:55:35.445root 23542300x80000000000000007217286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.801{ec2b6afe-6138-61c4-80f2-c0420e560000}5063root/bin/nano/etc/.sudoers.tmp.swp--- 534500x80000000000000007217287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.802{ec2b6afe-6138-61c4-80f2-c0420e560000}5063/bin/nanoroot 534500x80000000000000007217288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.802{ec2b6afe-6138-61c4-683d-aa73e8550000}5062/usr/sbin/visudoroot 11241100x80000000000000007217289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.803{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b16e30bdef83d532021-12-23 11:55:35.803root 11241100x80000000000000007217290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.803{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fcabc3e5e2f1d02021-12-23 11:55:35.803root 11241100x80000000000000007217291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.803{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b669d03aa444ce452021-12-23 11:55:35.803root 11241100x80000000000000007217292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.803{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eee4d3cb04b8c2f2021-12-23 11:55:35.803root 11241100x80000000000000007217293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.803{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd6d610c66757262021-12-23 11:55:35.803root 11241100x80000000000000007217294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.803{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f81077b62e64542021-12-23 11:55:35.803root 11241100x80000000000000007217295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.803{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7319f03280ed7b402021-12-23 11:55:35.803root 11241100x80000000000000007217296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.803{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f886aeddb91181b82021-12-23 11:55:35.803root 11241100x80000000000000007217297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.803{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8369fc3dd66bd4612021-12-23 11:55:35.803root 534500x80000000000000007217298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.803{ec2b6afe-6138-61c4-08de-a3281b560000}5061/usr/bin/sudoroot 11241100x80000000000000007217299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.804{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c591d102fa41332021-12-23 11:55:35.804root 11241100x80000000000000007217300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.804{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f1387c18639ee32021-12-23 11:55:35.804root 11241100x80000000000000007217301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.804{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c7c83b143d76ad2021-12-23 11:55:35.804root 11241100x80000000000000007217302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.804{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6786099a5192f09f2021-12-23 11:55:35.804root 11241100x80000000000000007217303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.804{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53650823500a34c2021-12-23 11:55:35.804root 11241100x80000000000000007217304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.804{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f1b644062aa3e72021-12-23 11:55:35.804root 11241100x80000000000000007217305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.804{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa312c77e9c5b1f2021-12-23 11:55:35.804root 11241100x80000000000000007217306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.804{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71750c7d3ad63df2021-12-23 11:55:35.804root 11241100x80000000000000007217307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.804{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac89b32569e1a3d2021-12-23 11:55:35.804root 11241100x80000000000000007217308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.804{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfe4a4638a72e802021-12-23 11:55:35.804root 11241100x80000000000000007217309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.804{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1297d18eb24938b2021-12-23 11:55:35.804root 11241100x80000000000000007217310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.805{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac58764dda93e542021-12-23 11:55:35.805root 11241100x80000000000000007217311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.805{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8988341c5168a6262021-12-23 11:55:35.805root 11241100x80000000000000007217312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.805{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107de85ffaeb7bdb2021-12-23 11:55:35.805root 11241100x80000000000000007217313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.805{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b140151be23e75f2021-12-23 11:55:35.805root 11241100x80000000000000007217314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.805{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04a5c919a8901b32021-12-23 11:55:35.805root 11241100x80000000000000007217315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.805{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca77a56e02c1d5892021-12-23 11:55:35.805root 11241100x80000000000000007217316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.805{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3d870c90dd0f202021-12-23 11:55:35.805root 11241100x80000000000000007217317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.805{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb9e6bb714a0d8d2021-12-23 11:55:35.805root 11241100x80000000000000007217318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.805{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331926c9800ccd652021-12-23 11:55:35.805root 11241100x80000000000000007217319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:35.805{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23735c4a0666744c2021-12-23 11:55:35.805root 11241100x80000000000000007217320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c7ab631356a55c2021-12-23 11:55:36.193root 11241100x80000000000000007217321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcbaa7afe3808592021-12-23 11:55:36.193root 11241100x80000000000000007217322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e3aa3571838cd82021-12-23 11:55:36.194root 11241100x80000000000000007217323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e362bb323e65bf92021-12-23 11:55:36.194root 11241100x80000000000000007217324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7c169fbdd5a00f2021-12-23 11:55:36.194root 11241100x80000000000000007217325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5790846292ccfb782021-12-23 11:55:36.194root 11241100x80000000000000007217326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfba364725966752021-12-23 11:55:36.194root 11241100x80000000000000007217327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710fd0f4dafc30172021-12-23 11:55:36.194root 11241100x80000000000000007217328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274da3f43be040222021-12-23 11:55:36.194root 11241100x80000000000000007217329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034f63d469b110de2021-12-23 11:55:36.195root 11241100x80000000000000007217330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84984ea8d81f50852021-12-23 11:55:36.195root 11241100x80000000000000007217331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cff7da12d2dc532021-12-23 11:55:36.195root 11241100x80000000000000007217332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e060a1455aa6c1e2021-12-23 11:55:36.195root 11241100x80000000000000007217333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e569d491af9d632021-12-23 11:55:36.195root 11241100x80000000000000007217334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7c943735eb78e02021-12-23 11:55:36.195root 11241100x80000000000000007217335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9f9a48364ed7b22021-12-23 11:55:36.196root 11241100x80000000000000007217336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599ba94cd75dd6962021-12-23 11:55:36.196root 11241100x80000000000000007217337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc82c2fbbe4f479a2021-12-23 11:55:36.196root 11241100x80000000000000007217338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a53ae57ab2555e2021-12-23 11:55:36.196root 11241100x80000000000000007217339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efeb1d5ae68d9df22021-12-23 11:55:36.196root 11241100x80000000000000007217340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b34ec5d82e7ef72021-12-23 11:55:36.196root 11241100x80000000000000007217341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa071b5c2de753d2021-12-23 11:55:36.196root 11241100x80000000000000007217342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7024f73f5780e02c2021-12-23 11:55:36.196root 11241100x80000000000000007217343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7760feccc009988f2021-12-23 11:55:36.196root 11241100x80000000000000007217344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7651e179ead97132021-12-23 11:55:36.196root 11241100x80000000000000007217345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe1cce8318eb1592021-12-23 11:55:36.196root 11241100x80000000000000007217346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e67e244b223e7e52021-12-23 11:55:36.196root 11241100x80000000000000007217347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7681b1a3724c92fa2021-12-23 11:55:36.196root 11241100x80000000000000007217348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb95fc03b68852c52021-12-23 11:55:36.197root 11241100x80000000000000007217349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321ec645604581ee2021-12-23 11:55:36.197root 11241100x80000000000000007217350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e6777bd82f03542021-12-23 11:55:36.693root 11241100x80000000000000007217351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ace493e35c3fa312021-12-23 11:55:36.694root 11241100x80000000000000007217352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1bb89aab90e6052021-12-23 11:55:36.694root 11241100x80000000000000007217353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8ac317757942c92021-12-23 11:55:36.694root 11241100x80000000000000007217354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c086ba96c38bd32021-12-23 11:55:36.694root 11241100x80000000000000007217355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d433995b3710232021-12-23 11:55:36.694root 11241100x80000000000000007217356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f68b30978d58932021-12-23 11:55:36.694root 11241100x80000000000000007217357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76e490ec6a620fb2021-12-23 11:55:36.694root 11241100x80000000000000007217358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1edcf612a47c7a02021-12-23 11:55:36.694root 11241100x80000000000000007217359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4371d9437c7042762021-12-23 11:55:36.694root 11241100x80000000000000007217360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40853374990125672021-12-23 11:55:36.694root 11241100x80000000000000007217361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff678fcade4ff302021-12-23 11:55:36.694root 354300x80000000000000007217396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:48.173{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33862-false10.0.1.12-8000- 11241100x80000000000000007217397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:48.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7149d738e45804552021-12-23 11:55:48.442root 11241100x80000000000000007217398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:48.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da9a1a98d1650762021-12-23 11:55:48.942root 11241100x80000000000000007217399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d8f1c71264a4752021-12-23 11:55:49.443root 11241100x80000000000000007217400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:49.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef844bcbcc8faa042021-12-23 11:55:49.942root 11241100x80000000000000007217401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:50.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67510abb23047832021-12-23 11:55:50.442root 11241100x80000000000000007217402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:50.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54dce4155eccd562021-12-23 11:55:50.942root 11241100x80000000000000007217403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:51.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed71391d6e7b6b332021-12-23 11:55:51.442root 11241100x80000000000000007217404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:51.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb0a7960f2f6a122021-12-23 11:55:51.942root 11241100x80000000000000007217405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:52.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857a2962e428c9e92021-12-23 11:55:52.442root 11241100x80000000000000007217406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:52.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c20567510a50b32021-12-23 11:55:52.942root 354300x80000000000000007217407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:53.212{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33864-false10.0.1.12-8000- 11241100x80000000000000007217408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:53.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca994abcf03d1972021-12-23 11:55:53.213root 11241100x80000000000000007217409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:53.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3f8e911af304a82021-12-23 11:55:53.692root 11241100x80000000000000007217410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5072b024b81bc48c2021-12-23 11:55:53.693root 11241100x80000000000000007217411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:54.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35aa5fdb49ea8a52021-12-23 11:55:54.192root 11241100x80000000000000007217412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:54.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af61b536e0a460892021-12-23 11:55:54.192root 11241100x80000000000000007217413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:54.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3066dfed38418e262021-12-23 11:55:54.692root 11241100x80000000000000007217414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2dfa38a3a4bd072021-12-23 11:55:54.693root 11241100x80000000000000007217415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:55.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ece496e0f272be32021-12-23 11:55:55.192root 11241100x80000000000000007217416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:55.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c831469898d4952021-12-23 11:55:55.192root 11241100x80000000000000007217417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:55.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220c4ff88a8c92a42021-12-23 11:55:55.692root 11241100x80000000000000007217418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:55.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1092b913d7ccae22021-12-23 11:55:55.692root 11241100x80000000000000007217419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:56.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72a9c4cd8a33f0d2021-12-23 11:55:56.192root 11241100x80000000000000007217420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:56.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d16362d7f7070bd2021-12-23 11:55:56.192root 11241100x80000000000000007217421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:56.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd883b54f3a5d8c2021-12-23 11:55:56.692root 11241100x80000000000000007217422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:56.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec6d6016a54339e2021-12-23 11:55:56.692root 11241100x80000000000000007217423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:57.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d76152c74343cb2021-12-23 11:55:57.192root 11241100x80000000000000007217424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:57.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b6a81cfcac20812021-12-23 11:55:57.192root 11241100x80000000000000007217425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fea21e5324138cc2021-12-23 11:55:57.693root 11241100x80000000000000007217426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa539c4b7c262ca32021-12-23 11:55:57.693root 11241100x80000000000000007217427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:58.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b32471a75957692021-12-23 11:55:58.192root 11241100x80000000000000007217428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52816887fabe48bb2021-12-23 11:55:58.193root 11241100x80000000000000007217429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:58.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92f3ec0e6c6901c2021-12-23 11:55:58.692root 11241100x80000000000000007217430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45f887b286079232021-12-23 11:55:58.693root 354300x80000000000000007217431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:59.064{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33866-false10.0.1.12-8000- 11241100x80000000000000007217432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:59.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1247c2e0421a0b2021-12-23 11:55:59.065root 11241100x80000000000000007217433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:59.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44042cb2e4c3adb52021-12-23 11:55:59.065root 11241100x80000000000000007217434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:59.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc82b903e9aab0782021-12-23 11:55:59.065root 11241100x80000000000000007217435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:59.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dda36ae9d78400b2021-12-23 11:55:59.442root 11241100x80000000000000007217436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9e1172b79d61412021-12-23 11:55:59.443root 11241100x80000000000000007217437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e551ac329d571a782021-12-23 11:55:59.443root 11241100x80000000000000007217438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:59.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f09959c9d3cc442021-12-23 11:55:59.942root 11241100x80000000000000007217439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff7e0ca171eaac72021-12-23 11:55:59.943root 11241100x80000000000000007217440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:55:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfce4fd234b22e592021-12-23 11:55:59.943root 11241100x80000000000000007217441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:00.141{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-23 11:56:00.141root 11241100x80000000000000007217442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c900a38ac00c432021-12-23 11:56:00.443root 11241100x80000000000000007217443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9e29ad66df66362021-12-23 11:56:00.443root 11241100x80000000000000007217444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96df03127d27b4d72021-12-23 11:56:00.443root 11241100x80000000000000007217445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96133b2195c4ca52021-12-23 11:56:00.443root 11241100x80000000000000007217446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:00.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51beaa483f52f0c22021-12-23 11:56:00.942root 11241100x80000000000000007217447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e141f454d059cf42021-12-23 11:56:00.943root 11241100x80000000000000007217448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf36535c2d51eaac2021-12-23 11:56:00.943root 11241100x80000000000000007217449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696f7154937e0f622021-12-23 11:56:00.943root 11241100x80000000000000007217450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:01.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd72b6c14aa69bf2021-12-23 11:56:01.442root 11241100x80000000000000007217451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c09d4d4599185612021-12-23 11:56:01.443root 11241100x80000000000000007217452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e27231b5674ea72021-12-23 11:56:01.443root 11241100x80000000000000007217453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7401bb31a79876bd2021-12-23 11:56:01.443root 11241100x80000000000000007217454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:01.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4587b06f38933ee12021-12-23 11:56:01.942root 11241100x80000000000000007217455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21827dc23e4438622021-12-23 11:56:01.943root 11241100x80000000000000007217456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684100a9576936142021-12-23 11:56:01.943root 11241100x80000000000000007217457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e9e046ec662bae2021-12-23 11:56:01.943root 11241100x80000000000000007217458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:02.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4585156e68e5018c2021-12-23 11:56:02.442root 11241100x80000000000000007217459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e46f94df6417e892021-12-23 11:56:02.443root 11241100x80000000000000007217460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de65f305a4568312021-12-23 11:56:02.443root 11241100x80000000000000007217461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4071208241318a2021-12-23 11:56:02.443root 11241100x80000000000000007217462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:02.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37522ea4297233a02021-12-23 11:56:02.942root 11241100x80000000000000007217463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927d6c11a5de0f5d2021-12-23 11:56:02.943root 11241100x80000000000000007217464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d0ab42092b0aec2021-12-23 11:56:02.943root 11241100x80000000000000007217465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0958ca60947d7b2021-12-23 11:56:02.943root 23542300x80000000000000007217466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:03.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000007217467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e0c1e2e57c860d2021-12-23 11:56:03.443root 11241100x80000000000000007217468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fde793dc9d401a2021-12-23 11:56:03.443root 11241100x80000000000000007217469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03e9cd844daa0d02021-12-23 11:56:03.443root 11241100x80000000000000007217470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2eced7f2f2f68812021-12-23 11:56:03.443root 11241100x80000000000000007217471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1369bbb603691efa2021-12-23 11:56:03.443root 11241100x80000000000000007217472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6babe8ea2dc94d22021-12-23 11:56:03.943root 11241100x80000000000000007217473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3676dcb8a672bfbf2021-12-23 11:56:03.943root 11241100x80000000000000007217474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e1eb216bbe46692021-12-23 11:56:03.943root 11241100x80000000000000007217475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26d8a3819ade5cf2021-12-23 11:56:03.943root 11241100x80000000000000007217476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fa9139d34a09ad2021-12-23 11:56:03.943root 354300x80000000000000007217477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:04.224{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33868-false10.0.1.12-8000- 11241100x80000000000000007217478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:04.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163168b5547fcb362021-12-23 11:56:04.224root 11241100x80000000000000007217479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:04.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c66756eff46d7b2021-12-23 11:56:04.224root 11241100x80000000000000007217480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:04.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa454fb6e5a4e892021-12-23 11:56:04.225root 11241100x80000000000000007217481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:04.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90305ceb8b21a0292021-12-23 11:56:04.225root 11241100x80000000000000007217482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:04.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb1b7fff100e4b72021-12-23 11:56:04.225root 11241100x80000000000000007217483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:04.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9beb0a010cbf212021-12-23 11:56:04.225root 11241100x80000000000000007217484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94be24574d7b52e72021-12-23 11:56:04.693root 11241100x80000000000000007217485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10bfaebe54d29602021-12-23 11:56:04.693root 11241100x80000000000000007217486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f37b8ca95701572021-12-23 11:56:04.693root 11241100x80000000000000007217487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb973ffbdc72b3632021-12-23 11:56:04.694root 11241100x80000000000000007217488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f40fea54d9ce4a2021-12-23 11:56:04.694root 11241100x80000000000000007217489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670bd100e4540af92021-12-23 11:56:04.694root 11241100x80000000000000007217490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac768c78fb2d858d2021-12-23 11:56:05.193root 11241100x80000000000000007217491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bcda91187e5f342021-12-23 11:56:05.193root 11241100x80000000000000007217492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b666d6b2c25e8dcb2021-12-23 11:56:05.193root 11241100x80000000000000007217493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b51f877a77ebd552021-12-23 11:56:05.193root 11241100x80000000000000007217494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bc53568012594d2021-12-23 11:56:05.193root 11241100x80000000000000007217495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13efa3471821657b2021-12-23 11:56:05.193root 11241100x80000000000000007217496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ce6647907919a92021-12-23 11:56:05.693root 11241100x80000000000000007217497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0b1c0dedf0cb462021-12-23 11:56:05.693root 11241100x80000000000000007217498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5745692a2ea2ab032021-12-23 11:56:05.693root 11241100x80000000000000007217499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccdd9ba0e771ef12021-12-23 11:56:05.693root 11241100x80000000000000007217500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f18974d7fcdaed2021-12-23 11:56:05.693root 11241100x80000000000000007217501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d92b83b87c6905e2021-12-23 11:56:05.693root 11241100x80000000000000007217502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e832fdb658ea5222021-12-23 11:56:06.193root 11241100x80000000000000007217503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f996cac339e5e2652021-12-23 11:56:06.193root 11241100x80000000000000007217504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2a33d443b264892021-12-23 11:56:06.193root 11241100x80000000000000007217505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d5e8e810d7f4dd2021-12-23 11:56:06.193root 11241100x80000000000000007217506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c07c0ad8b97c112021-12-23 11:56:06.193root 11241100x80000000000000007217507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d941fb59c9c419072021-12-23 11:56:06.193root 11241100x80000000000000007217508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13573ab36fbc15ef2021-12-23 11:56:06.693root 11241100x80000000000000007217509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57d9a92c3e935d72021-12-23 11:56:06.693root 11241100x80000000000000007217510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042337797e7436d62021-12-23 11:56:06.693root 11241100x80000000000000007217511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6fbfda9e7674512021-12-23 11:56:06.693root 11241100x80000000000000007217512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73581b0e3d388022021-12-23 11:56:06.693root 11241100x80000000000000007217513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97786ab5e44b3ea2021-12-23 11:56:06.693root 11241100x80000000000000007217514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6832c8da0681312021-12-23 11:56:07.193root 11241100x80000000000000007217515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e5669c1e9a601f2021-12-23 11:56:07.193root 11241100x80000000000000007217516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d917a4403ce6622021-12-23 11:56:07.193root 11241100x80000000000000007217517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed8c783037f2d792021-12-23 11:56:07.193root 11241100x80000000000000007217518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8aeeeec10af86b02021-12-23 11:56:07.193root 11241100x80000000000000007217519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12286022a9275b7e2021-12-23 11:56:07.193root 11241100x80000000000000007217520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce6e334748258d82021-12-23 11:56:07.693root 11241100x80000000000000007217521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbaea80fb6dcf9aa2021-12-23 11:56:07.693root 11241100x80000000000000007217522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cf3905b8ebbdda2021-12-23 11:56:07.693root 11241100x80000000000000007217523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b6bd56cc9982e02021-12-23 11:56:07.693root 11241100x80000000000000007217524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d5241c6648a1552021-12-23 11:56:07.694root 11241100x80000000000000007217525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90164714959536932021-12-23 11:56:07.694root 11241100x80000000000000007217526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f3da03323bdfd52021-12-23 11:56:08.193root 11241100x80000000000000007217527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce1d8b8ad7392082021-12-23 11:56:08.193root 11241100x80000000000000007217528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d914218bbb6b9e792021-12-23 11:56:08.193root 11241100x80000000000000007217529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03dbea2dac75dcc2021-12-23 11:56:08.193root 11241100x80000000000000007217530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a971252649392d362021-12-23 11:56:08.193root 11241100x80000000000000007217531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480b8e871fb6f7982021-12-23 11:56:08.193root 11241100x80000000000000007217532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3567fb107b57907a2021-12-23 11:56:08.693root 11241100x80000000000000007217533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d35ca9e33efbb5b2021-12-23 11:56:08.693root 11241100x80000000000000007217534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c57e6ad3dbaef02021-12-23 11:56:08.693root 11241100x80000000000000007217535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bd01bd9dfb315a2021-12-23 11:56:08.693root 11241100x80000000000000007217536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da12d5d872c72cd2021-12-23 11:56:08.693root 11241100x80000000000000007217537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5031c8b9b5c90df62021-12-23 11:56:08.693root 11241100x80000000000000007217538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fef157d0cd9c1422021-12-23 11:56:09.193root 11241100x80000000000000007217539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7699c0bd0eb56f542021-12-23 11:56:09.193root 11241100x80000000000000007217540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a48eea3b078fba2021-12-23 11:56:09.193root 11241100x80000000000000007217541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb87e0e36070cd52021-12-23 11:56:09.193root 11241100x80000000000000007217542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b190984795448432021-12-23 11:56:09.193root 11241100x80000000000000007217543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6446639a6891e82021-12-23 11:56:09.193root 11241100x80000000000000007217544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4c6b2f417801b62021-12-23 11:56:09.693root 11241100x80000000000000007217545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95b4542c87d67492021-12-23 11:56:09.693root 11241100x80000000000000007217546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0560def120acdc802021-12-23 11:56:09.693root 11241100x80000000000000007217547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e24ee3be55769052021-12-23 11:56:09.693root 11241100x80000000000000007217548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c98745a8d56dbcb2021-12-23 11:56:09.693root 11241100x80000000000000007217549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e0fc9336b7d7992021-12-23 11:56:09.693root 354300x80000000000000007217550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.100{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-33870-false10.0.1.12-8000- 11241100x80000000000000007217551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b43373bf21147c2021-12-23 11:56:10.101root 11241100x80000000000000007217552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19251fe92ba591852021-12-23 11:56:10.101root 11241100x80000000000000007217553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ec88d9af30e8f02021-12-23 11:56:10.101root 11241100x80000000000000007217554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07817ee6d4414e92021-12-23 11:56:10.101root 11241100x80000000000000007217555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8de43cdd5c9317f2021-12-23 11:56:10.102root 11241100x80000000000000007217556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a4d8c876ff4a5d2021-12-23 11:56:10.102root 11241100x80000000000000007217557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345a1ac68d81ab562021-12-23 11:56:10.102root 11241100x80000000000000007217558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068f29d8fe5280ae2021-12-23 11:56:10.443root 11241100x80000000000000007217559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d604a167109a9d252021-12-23 11:56:10.443root 11241100x80000000000000007217560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234214f7a67baec72021-12-23 11:56:10.443root 11241100x80000000000000007217561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4129d9811981b62021-12-23 11:56:10.443root 11241100x80000000000000007217562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184bf260c0d022312021-12-23 11:56:10.443root 11241100x80000000000000007217563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c826596679c9612021-12-23 11:56:10.443root 11241100x80000000000000007217564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc98a9dbe003bd112021-12-23 11:56:10.443root 11241100x80000000000000007217565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61809762da2070d2021-12-23 11:56:10.943root 11241100x80000000000000007217566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf86fa9f883f4b52021-12-23 11:56:10.943root 11241100x80000000000000007217567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55c54f7f143018e2021-12-23 11:56:10.943root 11241100x80000000000000007217568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c215793619d309612021-12-23 11:56:10.943root 11241100x80000000000000007217569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf71afb815fc8702021-12-23 11:56:10.943root 11241100x80000000000000007217570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccea9fe450e85cf2021-12-23 11:56:10.943root 11241100x80000000000000007217571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2034f19e8d9cf5a02021-12-23 11:56:10.943root 11241100x80000000000000007217572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75de8e88a9acf71a2021-12-23 11:56:11.443root 11241100x80000000000000007217573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e66b4e282304162021-12-23 11:56:11.443root 11241100x80000000000000007217574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d0e327af52ca542021-12-23 11:56:11.443root 11241100x80000000000000007217575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd6a289837fd0142021-12-23 11:56:11.443root 11241100x80000000000000007217576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b614ace0fa64c9b82021-12-23 11:56:11.443root 11241100x80000000000000007217577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b423aeec11c7ebb2021-12-23 11:56:11.443root 11241100x80000000000000007217578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67065ea78cfe0992021-12-23 11:56:11.443root 11241100x80000000000000007217579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00308011aa0171b82021-12-23 11:56:11.943root 11241100x80000000000000007217580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059bfd18e74e52832021-12-23 11:56:11.943root 11241100x80000000000000007217581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32be6f0b487f550e2021-12-23 11:56:11.943root 11241100x80000000000000007217582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b43a9151d2363c92021-12-23 11:56:11.943root 11241100x80000000000000007217583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72b5b040859e9da2021-12-23 11:56:11.943root 11241100x80000000000000007217584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5c5c50c5ad0f8f2021-12-23 11:56:11.943root 11241100x80000000000000007217585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef7c39442fd12f32021-12-23 11:56:11.943root 11241100x80000000000000007217586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e946fda997bfde2021-12-23 11:56:12.443root 11241100x80000000000000007217587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62eebc367c2dfa0d2021-12-23 11:56:12.443root 11241100x80000000000000007217588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01165d7a413a91522021-12-23 11:56:12.443root 11241100x80000000000000007217589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2792b9882636f3262021-12-23 11:56:12.443root 11241100x80000000000000007217590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a07555385d4fb72021-12-23 11:56:12.443root 11241100x80000000000000007217591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074d7ce892be6c652021-12-23 11:56:12.443root 11241100x80000000000000007217592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8207db5506641f2021-12-23 11:56:12.443root 11241100x80000000000000007217593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ac80498ebef7752021-12-23 11:56:12.943root 11241100x80000000000000007217594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc47943c392a50c2021-12-23 11:56:12.943root 11241100x80000000000000007217595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0862fd04bced472a2021-12-23 11:56:12.943root 11241100x80000000000000007217596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d23fa2c03a7e0d2021-12-23 11:56:12.943root 11241100x80000000000000007217597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79de6b663364d8192021-12-23 11:56:12.943root 11241100x80000000000000007217598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42962ef751fda3832021-12-23 11:56:12.943root 11241100x80000000000000007217599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fa8c50aa4c025b2021-12-23 11:56:12.943root 11241100x80000000000000007217600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740c62e6181778fd2021-12-23 11:56:13.443root 11241100x80000000000000007217601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f892262542051b2021-12-23 11:56:13.443root 11241100x80000000000000007217602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656db5c24466ce0b2021-12-23 11:56:13.443root 11241100x80000000000000007217603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76849710391de51d2021-12-23 11:56:13.443root 11241100x80000000000000007217604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88209c669de079a22021-12-23 11:56:13.443root 11241100x80000000000000007217605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e021badcae85f162021-12-23 11:56:13.443root 11241100x80000000000000007217606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07307bf8c5ffaa0d2021-12-23 11:56:13.443root 11241100x80000000000000007217607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc11b8485342a12e2021-12-23 11:56:13.943root 11241100x80000000000000007217608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cb575b3e7bf4b72021-12-23 11:56:13.943root 11241100x80000000000000007217609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eda2bc88ea07ca72021-12-23 11:56:13.943root 11241100x80000000000000007217610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57bbe84e236f6672021-12-23 11:56:13.943root 11241100x80000000000000007217611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd97b08248600bec2021-12-23 11:56:13.943root 11241100x80000000000000007217612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31b29093c542cb72021-12-23 11:56:13.943root 11241100x80000000000000007217613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6899f6ff54485bd72021-12-23 11:56:13.943root 11241100x80000000000000007217614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843de6ca476f75982021-12-23 11:56:14.443root 11241100x80000000000000007217615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0b59f2b362e1a22021-12-23 11:56:14.443root 11241100x80000000000000007217616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225e79ba4162abd12021-12-23 11:56:14.443root 11241100x80000000000000007217617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e631a57ee76e6b22021-12-23 11:56:14.443root 11241100x80000000000000007217618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff2349a484a3e732021-12-23 11:56:14.444root 11241100x80000000000000007217619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a389e0b344aaa82021-12-23 11:56:14.444root 11241100x80000000000000007217620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6f32cc8e0a10482021-12-23 11:56:14.444root 11241100x80000000000000007217621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebf75e0abd2c8202021-12-23 11:56:14.943root 11241100x80000000000000007217622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbaa222f3aecbd662021-12-23 11:56:14.943root 11241100x80000000000000007217623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffb50faca561e782021-12-23 11:56:14.943root 11241100x80000000000000007217624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eeb16311858d55d2021-12-23 11:56:14.943root 11241100x80000000000000007217625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1370bc55457b91252021-12-23 11:56:14.943root 11241100x80000000000000007217626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6189bdd6747167412021-12-23 11:56:14.943root 11241100x80000000000000007217627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-23 11:56:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07eb43b99f5769892021-12-23 11:56:14.943root