154100x8000000000000000398788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:27.229{ec2b6afe-aea3-61c1-68c4-9ab58b550000}9753/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000398789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:27.240{ec2b6afe-aea3-61c1-68c4-9ab58b550000}9753/bin/psroot 11241100x8000000000000000398790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:27.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa461d97df9994aa2021-12-21 10:38:27.692root 11241100x8000000000000000398791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489b902c8ac343822021-12-21 10:38:27.693root 354300x8000000000000000398792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.037{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47390-false10.0.1.12-8000- 11241100x8000000000000000398793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18596c2540c1cef32021-12-21 10:38:28.038root 11241100x8000000000000000398794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11aaadfe01997e502021-12-21 10:38:28.038root 11241100x8000000000000000398795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469b75378df4b0242021-12-21 10:38:28.442root 11241100x8000000000000000398796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3494d7da29f5240c2021-12-21 10:38:28.443root 11241100x8000000000000000398797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924873ac51e2434c2021-12-21 10:38:28.443root 11241100x8000000000000000398798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c42b53dddb6e72c2021-12-21 10:38:28.942root 11241100x8000000000000000398799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce6bd1fa32eab872021-12-21 10:38:28.943root 11241100x8000000000000000398800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1665c9a498dbf8fe2021-12-21 10:38:28.943root 11241100x8000000000000000398801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:29.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61a03912421b6cf2021-12-21 10:38:29.442root 11241100x8000000000000000398802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7aa3aeba78d5982021-12-21 10:38:29.443root 11241100x8000000000000000398803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aef1dbf369400f22021-12-21 10:38:29.443root 11241100x8000000000000000398804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:29.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ef0ed8758a48562021-12-21 10:38:29.942root 11241100x8000000000000000398805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe88f6353f80f562021-12-21 10:38:29.943root 11241100x8000000000000000398806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc52516318cab0bf2021-12-21 10:38:29.943root 11241100x8000000000000000398807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:30.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76aebda7a80449842021-12-21 10:38:30.442root 11241100x8000000000000000398808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2464ba961d01dd2021-12-21 10:38:30.443root 11241100x8000000000000000398809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a0248ed64b2f712021-12-21 10:38:30.443root 11241100x8000000000000000398810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:30.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb497c5e30bf2702021-12-21 10:38:30.942root 11241100x8000000000000000398811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fca10c7efd07ae2021-12-21 10:38:30.943root 11241100x8000000000000000398812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26611ae80838176f2021-12-21 10:38:30.943root 11241100x8000000000000000398813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:31.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97111fb677ebbfd22021-12-21 10:38:31.442root 11241100x8000000000000000398814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ef37ba6db3638b2021-12-21 10:38:31.443root 11241100x8000000000000000398815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefb1b96fe2cfe742021-12-21 10:38:31.443root 11241100x8000000000000000398816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:31.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e529cea8e380fd2d2021-12-21 10:38:31.942root 11241100x8000000000000000398817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730f038fe147e9382021-12-21 10:38:31.943root 11241100x8000000000000000398818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ad7727da760e912021-12-21 10:38:31.943root 11241100x8000000000000000398819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:32.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374df72f834764d02021-12-21 10:38:32.442root 11241100x8000000000000000398820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bee4161120f76c2021-12-21 10:38:32.443root 11241100x8000000000000000398821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9b64e83c101dff2021-12-21 10:38:32.443root 11241100x8000000000000000398822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:32.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210ec009aed1e84b2021-12-21 10:38:32.942root 11241100x8000000000000000398823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5047dfc02e09ac462021-12-21 10:38:32.943root 11241100x8000000000000000398824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d7fa29eb356e5c2021-12-21 10:38:32.943root 354300x8000000000000000398825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.166{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47392-false10.0.1.12-8000- 11241100x8000000000000000398826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9899154d82b678742021-12-21 10:38:33.442root 11241100x8000000000000000398827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9cf9bcf426fcf72021-12-21 10:38:33.443root 11241100x8000000000000000398828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1044b4719bb6eb4e2021-12-21 10:38:33.443root 11241100x8000000000000000398829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127e37c218fd68e32021-12-21 10:38:33.443root 11241100x8000000000000000398830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ace92dc10e958602021-12-21 10:38:33.942root 11241100x8000000000000000398831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bab19fe202e110c2021-12-21 10:38:33.943root 11241100x8000000000000000398832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cc0347195408c22021-12-21 10:38:33.943root 11241100x8000000000000000398833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1232812727acc83f2021-12-21 10:38:33.943root 11241100x8000000000000000398834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:34.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a8d15756e6d9932021-12-21 10:38:34.442root 11241100x8000000000000000398835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22489d79191964f2021-12-21 10:38:34.443root 11241100x8000000000000000398836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998000bd57d31cb52021-12-21 10:38:34.443root 11241100x8000000000000000398837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93003d3d90607bd62021-12-21 10:38:34.443root 11241100x8000000000000000398838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:34.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c33517915d16f3f2021-12-21 10:38:34.942root 11241100x8000000000000000398839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a57fd02773567272021-12-21 10:38:34.943root 11241100x8000000000000000398840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b61a89a69f057d02021-12-21 10:38:34.943root 11241100x8000000000000000398841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37e5d8f232c237b2021-12-21 10:38:34.943root 11241100x8000000000000000398842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:35.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f810a1f4dd2f5a102021-12-21 10:38:35.442root 11241100x8000000000000000398843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69baf157afa156522021-12-21 10:38:35.443root 11241100x8000000000000000398844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e027245378829ed32021-12-21 10:38:35.443root 11241100x8000000000000000398845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f9f4ce141e6d6c2021-12-21 10:38:35.443root 11241100x8000000000000000398846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:35.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69d2eeacbcc7a232021-12-21 10:38:35.942root 11241100x8000000000000000398847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb4504d5b431f212021-12-21 10:38:35.943root 11241100x8000000000000000398848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fb45b05d2e9a3f2021-12-21 10:38:35.943root 11241100x8000000000000000398849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63079731dcdcd112021-12-21 10:38:35.943root 11241100x8000000000000000398850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.345{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:38:36.345root 11241100x8000000000000000398851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e246dabe12eb16a52021-12-21 10:38:36.346root 11241100x8000000000000000398852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ed64a848fad59b2021-12-21 10:38:36.346root 11241100x8000000000000000398853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48404715e6b81b632021-12-21 10:38:36.346root 11241100x8000000000000000398854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39cfebfd4344a0e2021-12-21 10:38:36.346root 11241100x8000000000000000398855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c582570b334b2f02021-12-21 10:38:36.346root 11241100x8000000000000000398856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888bfa4ee52916ae2021-12-21 10:38:36.693root 11241100x8000000000000000398857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dc4bb72208daae2021-12-21 10:38:36.693root 11241100x8000000000000000398858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8464dcadb2c44ab42021-12-21 10:38:36.693root 11241100x8000000000000000398859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe44f5f63dde1562021-12-21 10:38:36.693root 11241100x8000000000000000398860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efaf1b8198e0a29e2021-12-21 10:38:36.693root 11241100x8000000000000000398861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5362fe87ea222de82021-12-21 10:38:37.193root 11241100x8000000000000000398862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c71a131beb1fde22021-12-21 10:38:37.193root 11241100x8000000000000000398863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ffe77916c36ae02021-12-21 10:38:37.193root 11241100x8000000000000000398864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287ad4cf93cd362e2021-12-21 10:38:37.193root 11241100x8000000000000000398865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58063184f4e21c522021-12-21 10:38:37.193root 11241100x8000000000000000398866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790a78a9982df3522021-12-21 10:38:37.693root 11241100x8000000000000000398867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd933daaff08b4b72021-12-21 10:38:37.693root 11241100x8000000000000000398868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cef4b6f34081afa2021-12-21 10:38:37.693root 11241100x8000000000000000398869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6301d8fae711252021-12-21 10:38:37.693root 11241100x8000000000000000398870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac17a949b56c0172021-12-21 10:38:37.693root 11241100x8000000000000000398871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938c204bd26bc8362021-12-21 10:38:38.193root 11241100x8000000000000000398872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8c98854c05957e2021-12-21 10:38:38.193root 11241100x8000000000000000398873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88af9ee8751f5402021-12-21 10:38:38.193root 11241100x8000000000000000398874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c080ee4b723e8f2f2021-12-21 10:38:38.193root 11241100x8000000000000000398875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafc8474f46764bb2021-12-21 10:38:38.193root 11241100x8000000000000000398876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedd09799a92658d2021-12-21 10:38:38.693root 11241100x8000000000000000398877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ef6a1d1307a8f12021-12-21 10:38:38.693root 11241100x8000000000000000398878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3e7584eb17ac2d2021-12-21 10:38:38.693root 11241100x8000000000000000398879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9445d79d8fc094dd2021-12-21 10:38:38.693root 11241100x8000000000000000398880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30c97c6a9983e4d2021-12-21 10:38:38.693root 354300x8000000000000000398881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.098{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47394-false10.0.1.12-8000- 11241100x8000000000000000398882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3481e36678474c642021-12-21 10:38:39.099root 11241100x8000000000000000398883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f55d5752609076f2021-12-21 10:38:39.099root 11241100x8000000000000000398884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5972f7eaafe1f52a2021-12-21 10:38:39.099root 11241100x8000000000000000398885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb6bd13eb80a7012021-12-21 10:38:39.099root 11241100x8000000000000000398886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e8cd757dd626b52021-12-21 10:38:39.099root 11241100x8000000000000000398887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab645f99107ed97d2021-12-21 10:38:39.099root 23542300x8000000000000000398888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.347{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000398889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3151b2a977de0d2021-12-21 10:38:39.443root 11241100x8000000000000000398890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2432440fa4b1e62021-12-21 10:38:39.443root 11241100x8000000000000000398891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529978efc4f6d4a42021-12-21 10:38:39.443root 11241100x8000000000000000398892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce80941c5ac5c0a2021-12-21 10:38:39.443root 11241100x8000000000000000398893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b68a78a59ea04372021-12-21 10:38:39.443root 11241100x8000000000000000398894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deed6697930ac1a42021-12-21 10:38:39.443root 11241100x8000000000000000398895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3936f4bcbe6193662021-12-21 10:38:39.443root 11241100x8000000000000000398896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5ffe40bd69795e2021-12-21 10:38:39.943root 11241100x8000000000000000398897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fe6e515b54e3622021-12-21 10:38:39.943root 11241100x8000000000000000398898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e01e95d73893562021-12-21 10:38:39.943root 11241100x8000000000000000398899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66b3831b2292bdf2021-12-21 10:38:39.943root 11241100x8000000000000000398900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda74b80dadb6e202021-12-21 10:38:39.943root 11241100x8000000000000000398901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b113a2477215d6c2021-12-21 10:38:39.943root 11241100x8000000000000000398902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51187a303a1ba7052021-12-21 10:38:39.943root 11241100x8000000000000000398903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21aa476a7e979d42021-12-21 10:38:40.443root 11241100x8000000000000000398904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a1956ce4d700e72021-12-21 10:38:40.443root 11241100x8000000000000000398905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da2ee865f7e8d102021-12-21 10:38:40.443root 11241100x8000000000000000398906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553a28eceb7d759c2021-12-21 10:38:40.443root 11241100x8000000000000000398907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d5f46718ca908b2021-12-21 10:38:40.443root 11241100x8000000000000000398908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e465a5a1221d0f2021-12-21 10:38:40.443root 11241100x8000000000000000398909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cf018de18250bf2021-12-21 10:38:40.443root 11241100x8000000000000000398910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4552d8f5f8f90e812021-12-21 10:38:40.943root 11241100x8000000000000000398911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0a01da7cbe9d522021-12-21 10:38:40.943root 11241100x8000000000000000398912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a0af393253ff452021-12-21 10:38:40.943root 11241100x8000000000000000398913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a98499547d1a362021-12-21 10:38:40.943root 11241100x8000000000000000398914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec29b78a753511b2021-12-21 10:38:40.943root 11241100x8000000000000000398915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb84f0e760a24c72021-12-21 10:38:40.943root 11241100x8000000000000000398916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ae603f4169fdc72021-12-21 10:38:40.943root 11241100x8000000000000000398917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56180473f8d3d7e2021-12-21 10:38:41.443root 11241100x8000000000000000398918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259d115964b58e1f2021-12-21 10:38:41.443root 11241100x8000000000000000398919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6c84202c3f8edb2021-12-21 10:38:41.443root 11241100x8000000000000000398920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8be0a86631504c82021-12-21 10:38:41.443root 11241100x8000000000000000398921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ae4bef244fbaa92021-12-21 10:38:41.443root 11241100x8000000000000000398922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b32037c115461272021-12-21 10:38:41.443root 11241100x8000000000000000398923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d3f6db8986e60d2021-12-21 10:38:41.443root 11241100x8000000000000000398924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07725ba3c45359e2021-12-21 10:38:41.943root 11241100x8000000000000000398925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4960e322ac73aac2021-12-21 10:38:41.943root 11241100x8000000000000000398926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e77058482ff7dca2021-12-21 10:38:41.943root 11241100x8000000000000000398927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a138d58531155c82021-12-21 10:38:41.943root 11241100x8000000000000000398928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76b53b1dc2f888b2021-12-21 10:38:41.943root 11241100x8000000000000000398929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb084f03e3cc2d642021-12-21 10:38:41.943root 11241100x8000000000000000398930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49672a7650f16bbe2021-12-21 10:38:41.943root 11241100x8000000000000000398931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46d3f77960336092021-12-21 10:38:42.443root 11241100x8000000000000000398932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62ab77bb4a0aa892021-12-21 10:38:42.443root 11241100x8000000000000000398933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2217ffe784766722021-12-21 10:38:42.443root 11241100x8000000000000000398934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb37827aa671a4262021-12-21 10:38:42.443root 11241100x8000000000000000398935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451c8f9de194a07a2021-12-21 10:38:42.443root 11241100x8000000000000000398936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0963823bacf81762021-12-21 10:38:42.443root 11241100x8000000000000000398937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc6de24d1da18602021-12-21 10:38:42.443root 11241100x8000000000000000398938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e68dc95d58638852021-12-21 10:38:42.943root 11241100x8000000000000000398939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad046b90bd49d492021-12-21 10:38:42.943root 11241100x8000000000000000398940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bd688f8fe461072021-12-21 10:38:42.943root 11241100x8000000000000000398941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9c6a53a89dc0a82021-12-21 10:38:42.943root 11241100x8000000000000000398942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7a3bafb345398c2021-12-21 10:38:42.943root 11241100x8000000000000000398943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f97f8b12bf398232021-12-21 10:38:42.943root 11241100x8000000000000000398944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9317002c6a5196152021-12-21 10:38:42.943root 11241100x8000000000000000398945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d2bcc0e7daaf932021-12-21 10:38:43.443root 11241100x8000000000000000398946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6830f7c7ca7b6ee2021-12-21 10:38:43.443root 11241100x8000000000000000398947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1942a1f2a9bb882021-12-21 10:38:43.443root 11241100x8000000000000000398948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94d432e8e9034872021-12-21 10:38:43.443root 11241100x8000000000000000398949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e50e1490f50a132021-12-21 10:38:43.443root 11241100x8000000000000000398950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a88ce54b9101092021-12-21 10:38:43.443root 11241100x8000000000000000398951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e9037925d92f552021-12-21 10:38:43.443root 11241100x8000000000000000398952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ebf1afb217e7a22021-12-21 10:38:43.943root 11241100x8000000000000000398953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c1618a9c45e8262021-12-21 10:38:43.943root 11241100x8000000000000000398954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05ed5bc3a668a072021-12-21 10:38:43.943root 11241100x8000000000000000398955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5890b591acae62af2021-12-21 10:38:43.943root 11241100x8000000000000000398956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92880461ab6f302d2021-12-21 10:38:43.943root 11241100x8000000000000000398957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1a5165392c09ff2021-12-21 10:38:43.943root 11241100x8000000000000000398958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda7bff3a83b7afc2021-12-21 10:38:43.943root 354300x8000000000000000398959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.214{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47396-false10.0.1.12-8000- 11241100x8000000000000000398960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dbf8f5cc6a1d222021-12-21 10:38:44.215root 11241100x8000000000000000398961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ff7259abdaf48d2021-12-21 10:38:44.215root 11241100x8000000000000000398962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a3a32f369d74612021-12-21 10:38:44.216root 11241100x8000000000000000398963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c88c5b5efd24122021-12-21 10:38:44.216root 11241100x8000000000000000398964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dcc66dace26a552021-12-21 10:38:44.216root 11241100x8000000000000000398965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96092cda232d82712021-12-21 10:38:44.216root 11241100x8000000000000000398966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a5eae8058872a32021-12-21 10:38:44.216root 11241100x8000000000000000398967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9f436ca6fc2d182021-12-21 10:38:44.217root 11241100x8000000000000000398968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1b45c8ddff399f2021-12-21 10:38:44.693root 11241100x8000000000000000398969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27554ef82ad358882021-12-21 10:38:44.693root 11241100x8000000000000000398970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f70375252aea232021-12-21 10:38:44.693root 11241100x8000000000000000398971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8cd5a4287fc21c2021-12-21 10:38:44.693root 11241100x8000000000000000398972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b5406eedae81a02021-12-21 10:38:44.693root 11241100x8000000000000000398973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc593f8c1511f0c2021-12-21 10:38:44.693root 11241100x8000000000000000398974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940eb0f670a371832021-12-21 10:38:44.693root 11241100x8000000000000000398975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7834110188fde8702021-12-21 10:38:44.694root 11241100x8000000000000000398976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4066de3c11f87d152021-12-21 10:38:45.193root 11241100x8000000000000000398977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b1b0ed4b4165312021-12-21 10:38:45.193root 11241100x8000000000000000398978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1801da96ac7ea02021-12-21 10:38:45.193root 11241100x8000000000000000398979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c27305a37ab48572021-12-21 10:38:45.193root 11241100x8000000000000000398980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d48d95b9f8a87a52021-12-21 10:38:45.193root 11241100x8000000000000000398981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25e76b17457e2d72021-12-21 10:38:45.193root 11241100x8000000000000000398982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bc379a28b148922021-12-21 10:38:45.193root 11241100x8000000000000000398983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cf1d857d2718532021-12-21 10:38:45.193root 11241100x8000000000000000398984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cd541c033ea5002021-12-21 10:38:45.693root 11241100x8000000000000000398985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb03e563646f22a2021-12-21 10:38:45.693root 11241100x8000000000000000398986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7e43d2c1948e172021-12-21 10:38:45.693root 11241100x8000000000000000398987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d321a22346513d8e2021-12-21 10:38:45.693root 11241100x8000000000000000398988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdd21c2a25dd1a52021-12-21 10:38:45.693root 11241100x8000000000000000398989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42de293aa7c56fee2021-12-21 10:38:45.693root 11241100x8000000000000000398990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba8ee58b109f1022021-12-21 10:38:45.693root 11241100x8000000000000000398991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2000f6148a909b262021-12-21 10:38:45.693root 11241100x8000000000000000398992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f7a3b712c8d7e62021-12-21 10:38:46.193root 11241100x8000000000000000398993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a722641d5007ed8a2021-12-21 10:38:46.193root 11241100x8000000000000000398994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f6dd955ff818282021-12-21 10:38:46.193root 11241100x8000000000000000398995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060e3b15d5f2c3f62021-12-21 10:38:46.193root 11241100x8000000000000000398996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cdbe340f8407562021-12-21 10:38:46.193root 11241100x8000000000000000398997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e2bceca05c75ea2021-12-21 10:38:46.193root 11241100x8000000000000000398998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4878b878fd211c2021-12-21 10:38:46.193root 11241100x8000000000000000398999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2324b7ec9281182021-12-21 10:38:46.193root 11241100x8000000000000000399000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd45447bb45d65392021-12-21 10:38:46.693root 11241100x8000000000000000399001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56001b9800618dc62021-12-21 10:38:46.693root 11241100x8000000000000000399002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55c09f78181b94e2021-12-21 10:38:46.693root 11241100x8000000000000000399003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d3203d857e40532021-12-21 10:38:46.693root 11241100x8000000000000000399004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a983cffdb09f2a942021-12-21 10:38:46.693root 11241100x8000000000000000399005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe37e78929762d92021-12-21 10:38:46.693root 11241100x8000000000000000399006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1606873a8e45172021-12-21 10:38:46.693root 11241100x8000000000000000399007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10b8b1b72b5a7602021-12-21 10:38:46.693root 11241100x8000000000000000399008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bb28d04f2003cf2021-12-21 10:38:47.193root 11241100x8000000000000000399009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4e22448ca00da82021-12-21 10:38:47.193root 11241100x8000000000000000399010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfda6885ca70461e2021-12-21 10:38:47.193root 11241100x8000000000000000399011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b11465bb7c66aa2021-12-21 10:38:47.193root 11241100x8000000000000000399012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c24268f282a860a2021-12-21 10:38:47.193root 11241100x8000000000000000399013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df197c07376b422b2021-12-21 10:38:47.193root 11241100x8000000000000000399014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f8885b2ff5608d2021-12-21 10:38:47.193root 11241100x8000000000000000399015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9aaa5bb2558fdb2021-12-21 10:38:47.193root 11241100x8000000000000000399016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9088fd5fed3d4b412021-12-21 10:38:47.693root 11241100x8000000000000000399017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d262aea18ecb7b4d2021-12-21 10:38:47.693root 11241100x8000000000000000399018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0173a1c30e8a79362021-12-21 10:38:47.693root 11241100x8000000000000000399019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663fd12c46bf27942021-12-21 10:38:47.693root 11241100x8000000000000000399020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceca0c3628a324762021-12-21 10:38:47.693root 11241100x8000000000000000399021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93e13ec35ea84a02021-12-21 10:38:47.693root 11241100x8000000000000000399022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c1e403cd812dfe2021-12-21 10:38:47.693root 11241100x8000000000000000399023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a89f01060c2de9b2021-12-21 10:38:47.693root 11241100x8000000000000000399024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b059e33e7988962021-12-21 10:38:48.193root 11241100x8000000000000000399025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d17e148a6031a62021-12-21 10:38:48.193root 11241100x8000000000000000399026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4313691b6deb1002021-12-21 10:38:48.193root 11241100x8000000000000000399027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c56c3430d30929b2021-12-21 10:38:48.193root 11241100x8000000000000000399028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f7dd6d967630f22021-12-21 10:38:48.193root 11241100x8000000000000000399029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaf372f608e38182021-12-21 10:38:48.193root 11241100x8000000000000000399030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda7811228ec5d7e2021-12-21 10:38:48.193root 11241100x8000000000000000399031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cf48011e32b6622021-12-21 10:38:48.194root 11241100x8000000000000000399032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6cd30904f224d22021-12-21 10:38:48.693root 11241100x8000000000000000399033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feef89198b8ca2aa2021-12-21 10:38:48.693root 11241100x8000000000000000399034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78d42ac0a171bfb2021-12-21 10:38:48.693root 11241100x8000000000000000399035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6614fbf7b3c1db782021-12-21 10:38:48.693root 11241100x8000000000000000399036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e990cba2ac4d9a2021-12-21 10:38:48.693root 11241100x8000000000000000399037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd942fea8ec52a42021-12-21 10:38:48.693root 11241100x8000000000000000399038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c840bcb706074b822021-12-21 10:38:48.693root 11241100x8000000000000000399039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1278dcdcb0261d2a2021-12-21 10:38:48.693root 11241100x8000000000000000399040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fd8a9b8f196bde2021-12-21 10:38:49.193root 11241100x8000000000000000399041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d81e37d592fbe42021-12-21 10:38:49.193root 11241100x8000000000000000399042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ec6f10d8677eba2021-12-21 10:38:49.193root 11241100x8000000000000000399043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b46f256e60ad1b2021-12-21 10:38:49.193root 11241100x8000000000000000399044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae8242d4d0f57182021-12-21 10:38:49.193root 11241100x8000000000000000399045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fb68314127b7d92021-12-21 10:38:49.193root 11241100x8000000000000000399046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0211c6077b3f31902021-12-21 10:38:49.193root 11241100x8000000000000000399047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8679ac2ec2ee97042021-12-21 10:38:49.193root 11241100x8000000000000000399048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2de096fe3314492021-12-21 10:38:49.693root 11241100x8000000000000000399049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687f9c29e915eb7b2021-12-21 10:38:49.693root 11241100x8000000000000000399050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a319b3565a2e702021-12-21 10:38:49.693root 11241100x8000000000000000399051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cb671b053c724e2021-12-21 10:38:49.693root 11241100x8000000000000000399052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e375bfffd04824a42021-12-21 10:38:49.693root 11241100x8000000000000000399053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68bd634023ab1482021-12-21 10:38:49.693root 11241100x8000000000000000399054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea650f5f775cb202021-12-21 10:38:49.693root 11241100x8000000000000000399055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06af1cd601c1f1282021-12-21 10:38:49.693root 354300x8000000000000000399056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.090{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47398-false10.0.1.12-8000- 11241100x8000000000000000399057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05df6c37104aea312021-12-21 10:38:50.090root 11241100x8000000000000000399058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d55576654c09612021-12-21 10:38:50.090root 11241100x8000000000000000399059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac46207f0f18a0e2021-12-21 10:38:50.090root 11241100x8000000000000000399060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7d226cf67c61ec2021-12-21 10:38:50.091root 11241100x8000000000000000399061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b07b70fbb6fec8f2021-12-21 10:38:50.091root 11241100x8000000000000000399062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28972bc422d970f12021-12-21 10:38:50.091root 11241100x8000000000000000399063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233dd13f038ab22a2021-12-21 10:38:50.091root 11241100x8000000000000000399064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47468c742bd0b8b52021-12-21 10:38:50.091root 11241100x8000000000000000399065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d1a4c6b5e459cd2021-12-21 10:38:50.091root 11241100x8000000000000000399066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f0fc19c083d1f32021-12-21 10:38:50.443root 11241100x8000000000000000399067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c521a341fc4bdff2021-12-21 10:38:50.443root 11241100x8000000000000000399068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e3a33e8c0bdd142021-12-21 10:38:50.443root 11241100x8000000000000000399069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc22534e6bda2302021-12-21 10:38:50.443root 11241100x8000000000000000399070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fda89785c3ac3fb2021-12-21 10:38:50.443root 11241100x8000000000000000399071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6754812d0c54905b2021-12-21 10:38:50.443root 11241100x8000000000000000399072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb632005039ca8772021-12-21 10:38:50.443root 11241100x8000000000000000399073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7df9dbaedf67702021-12-21 10:38:50.444root 11241100x8000000000000000399074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9717c22d06742c812021-12-21 10:38:50.444root 11241100x8000000000000000399075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fb11f81fa4b86a2021-12-21 10:38:50.943root 11241100x8000000000000000399076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055c837f3e6220872021-12-21 10:38:50.943root 11241100x8000000000000000399077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac3e53025ef14182021-12-21 10:38:50.943root 11241100x8000000000000000399078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48f4b4fee51fcce2021-12-21 10:38:50.943root 11241100x8000000000000000399079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f65afccdcdd39a42021-12-21 10:38:50.943root 11241100x8000000000000000399080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866d27552c3400b12021-12-21 10:38:50.943root 11241100x8000000000000000399081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f05e10141e57b42021-12-21 10:38:50.943root 11241100x8000000000000000399082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc13ae6f108bf3232021-12-21 10:38:50.943root 11241100x8000000000000000399083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db36c2c1c9b8e15b2021-12-21 10:38:50.943root 11241100x8000000000000000399084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2cf2bd5adaca462021-12-21 10:38:51.443root 11241100x8000000000000000399085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe462027af02583e2021-12-21 10:38:51.443root 11241100x8000000000000000399086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e189b363b1884d962021-12-21 10:38:51.443root 11241100x8000000000000000399087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695c32449208cc732021-12-21 10:38:51.443root 11241100x8000000000000000399088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec0d95550c13ead2021-12-21 10:38:51.443root 11241100x8000000000000000399089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0a29eb9f75356d2021-12-21 10:38:51.443root 11241100x8000000000000000399090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f63a41d21ca93572021-12-21 10:38:51.443root 11241100x8000000000000000399091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016c25fb33d81b532021-12-21 10:38:51.443root 11241100x8000000000000000399092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c00602344a375d62021-12-21 10:38:51.443root 11241100x8000000000000000399093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b0f9a964316ea22021-12-21 10:38:51.943root 11241100x8000000000000000399094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ee272475c9f0312021-12-21 10:38:51.943root 11241100x8000000000000000399095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e3a1e27dcb331c2021-12-21 10:38:51.943root 11241100x8000000000000000399096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200c2b10443762002021-12-21 10:38:51.943root 11241100x8000000000000000399097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec5bbe5c4bc9e672021-12-21 10:38:51.943root 11241100x8000000000000000399098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c0e13f1d96fa602021-12-21 10:38:51.943root 11241100x8000000000000000399099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64289316e2a8f282021-12-21 10:38:51.943root 11241100x8000000000000000399100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890f3f9f203c33c82021-12-21 10:38:51.943root 11241100x8000000000000000399101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fecd792d83823c82021-12-21 10:38:51.943root 11241100x8000000000000000399102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ad12c2da72c9aa2021-12-21 10:38:52.443root 11241100x8000000000000000399103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4861ddd62559fa42021-12-21 10:38:52.443root 11241100x8000000000000000399104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7099aaff231fe5002021-12-21 10:38:52.443root 11241100x8000000000000000399105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217256869e3b07d22021-12-21 10:38:52.443root 11241100x8000000000000000399106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63e923ab3946c2e2021-12-21 10:38:52.443root 11241100x8000000000000000399107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434ed34d2b1a88bb2021-12-21 10:38:52.443root 11241100x8000000000000000399108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68e7aeae86eba5d2021-12-21 10:38:52.443root 11241100x8000000000000000399109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b0af18d4c897552021-12-21 10:38:52.443root 11241100x8000000000000000399110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b63de4e4326758c2021-12-21 10:38:52.443root 11241100x8000000000000000399111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19362347ff67e1722021-12-21 10:38:52.943root 11241100x8000000000000000399112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcada7fd186c09952021-12-21 10:38:52.943root 11241100x8000000000000000399113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e8248e01ff7f6f2021-12-21 10:38:52.943root 11241100x8000000000000000399114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399444fac5c7915f2021-12-21 10:38:52.943root 11241100x8000000000000000399115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc5154d7146532e2021-12-21 10:38:52.943root 11241100x8000000000000000399116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b0dd13456073aa2021-12-21 10:38:52.943root 11241100x8000000000000000399117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37866cb355e75c3e2021-12-21 10:38:52.943root 11241100x8000000000000000399118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2acacc90954b512021-12-21 10:38:52.943root 11241100x8000000000000000399119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdfbec907c672cc2021-12-21 10:38:52.943root 11241100x8000000000000000399120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec394e241a7f8c092021-12-21 10:38:53.443root 11241100x8000000000000000399121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e56836619906de42021-12-21 10:38:53.443root 11241100x8000000000000000399122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c07c862095927c2021-12-21 10:38:53.443root 11241100x8000000000000000399123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7eae7bb1d761b4b2021-12-21 10:38:53.443root 11241100x8000000000000000399124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f50b301a529efa2021-12-21 10:38:53.443root 11241100x8000000000000000399125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6aa9c784d2bf5c2021-12-21 10:38:53.443root 11241100x8000000000000000399126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b029f54e0a4c52532021-12-21 10:38:53.443root 11241100x8000000000000000399127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398eee2a5b1869e42021-12-21 10:38:53.443root 11241100x8000000000000000399128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451f9cae18254fff2021-12-21 10:38:53.444root 11241100x8000000000000000399129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d4b9ca15551e952021-12-21 10:38:53.943root 11241100x8000000000000000399130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f72d50a75f25b12021-12-21 10:38:53.944root 11241100x8000000000000000399131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ffd51d8c8d97372021-12-21 10:38:53.944root 11241100x8000000000000000399132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba59b7c46fc8b45c2021-12-21 10:38:53.944root 11241100x8000000000000000399133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7673e83b772b628e2021-12-21 10:38:53.944root 11241100x8000000000000000399134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77320e98179ce4fa2021-12-21 10:38:53.944root 11241100x8000000000000000399135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743f8a5e140cd9532021-12-21 10:38:53.944root 11241100x8000000000000000399136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0388248ebf5527752021-12-21 10:38:53.944root 11241100x8000000000000000399137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc89ddc5f48059432021-12-21 10:38:53.944root 11241100x8000000000000000399138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f54faa45ad95252021-12-21 10:38:54.443root 11241100x8000000000000000399139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc0f6f6b71f69942021-12-21 10:38:54.443root 11241100x8000000000000000399140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbfcae1c330d28c2021-12-21 10:38:54.443root 11241100x8000000000000000399141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166123f9b7125dfd2021-12-21 10:38:54.443root 11241100x8000000000000000399142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0229b3a9abd07002021-12-21 10:38:54.443root 11241100x8000000000000000399143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53049e9d83b3d7362021-12-21 10:38:54.443root 11241100x8000000000000000399144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1792a7e4758e45672021-12-21 10:38:54.443root 11241100x8000000000000000399145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c2f97cc938a5bd2021-12-21 10:38:54.443root 11241100x8000000000000000399146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3add28a8dd3cf0d2021-12-21 10:38:54.444root 11241100x8000000000000000399147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375d76a74eeac1c72021-12-21 10:38:54.943root 11241100x8000000000000000399148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52b33dbbe6434c52021-12-21 10:38:54.943root 11241100x8000000000000000399149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f0ffe97fe76d152021-12-21 10:38:54.943root 11241100x8000000000000000399150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3369e345df852b712021-12-21 10:38:54.943root 11241100x8000000000000000399151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb2da8d461e80592021-12-21 10:38:54.943root 11241100x8000000000000000399152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb1a0a69a6d69632021-12-21 10:38:54.943root 11241100x8000000000000000399153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbc6438cce03b1a2021-12-21 10:38:54.944root 11241100x8000000000000000399154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f7a8ab43a049e32021-12-21 10:38:54.944root 11241100x8000000000000000399155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f666dd87743e33f72021-12-21 10:38:54.944root 11241100x8000000000000000399156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d2222a433f0ad12021-12-21 10:38:55.443root 11241100x8000000000000000399157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06a73c3e11db4a02021-12-21 10:38:55.443root 11241100x8000000000000000399158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb64beaf8b5e9862021-12-21 10:38:55.443root 11241100x8000000000000000399159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041c34f86affd5d42021-12-21 10:38:55.444root 11241100x8000000000000000399160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045ec3c5763cd70d2021-12-21 10:38:55.444root 11241100x8000000000000000399161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019c12c79097625f2021-12-21 10:38:55.444root 11241100x8000000000000000399162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6624ef8becc3065c2021-12-21 10:38:55.444root 11241100x8000000000000000399163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72e380676905c2c2021-12-21 10:38:55.444root 11241100x8000000000000000399164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12f84851c576c462021-12-21 10:38:55.444root 11241100x8000000000000000399165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873025708c0beb682021-12-21 10:38:55.943root 11241100x8000000000000000399166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9c2b4a4faa460b2021-12-21 10:38:55.943root 11241100x8000000000000000399167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fa7009179d65b12021-12-21 10:38:55.943root 11241100x8000000000000000399168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842e23e426b97f122021-12-21 10:38:55.943root 11241100x8000000000000000399169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f192a406900745c02021-12-21 10:38:55.943root 11241100x8000000000000000399170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0863a8c33f398b2021-12-21 10:38:55.943root 11241100x8000000000000000399171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe5c971c30054c42021-12-21 10:38:55.943root 11241100x8000000000000000399172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1124cfc4590387912021-12-21 10:38:55.943root 11241100x8000000000000000399173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8e49bfcf6610d22021-12-21 10:38:55.943root 11241100x8000000000000000399174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3505dd4fab03fce12021-12-21 10:38:56.443root 11241100x8000000000000000399175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fa6c03e9b8f3402021-12-21 10:38:56.444root 11241100x8000000000000000399176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c03dee4d861b9e2021-12-21 10:38:56.444root 11241100x8000000000000000399177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff948f6ba911ba452021-12-21 10:38:56.444root 11241100x8000000000000000399178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78acf9e9985e026b2021-12-21 10:38:56.444root 11241100x8000000000000000399179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fb3afb2d253d8a2021-12-21 10:38:56.444root 11241100x8000000000000000399180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0bc55c328f7b132021-12-21 10:38:56.444root 11241100x8000000000000000399181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4681560f4b4320492021-12-21 10:38:56.444root 11241100x8000000000000000399182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1cbe79964348402021-12-21 10:38:56.444root 11241100x8000000000000000399183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df14db6277fc4172021-12-21 10:38:56.943root 11241100x8000000000000000399184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69847798363eccc32021-12-21 10:38:56.943root 11241100x8000000000000000399185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d6c68dbe218c322021-12-21 10:38:56.943root 11241100x8000000000000000399186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0409f3baf9c656c2021-12-21 10:38:56.943root 11241100x8000000000000000399187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0268323aba3e9912021-12-21 10:38:56.943root 11241100x8000000000000000399188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4979ce445e81b1a2021-12-21 10:38:56.943root 11241100x8000000000000000399189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012ccc5bc7dcaaab2021-12-21 10:38:56.943root 11241100x8000000000000000399190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b0541f02a315902021-12-21 10:38:56.943root 11241100x8000000000000000399191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084546b46819e9462021-12-21 10:38:56.944root 11241100x8000000000000000399192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a734a5687655a6d2021-12-21 10:38:57.443root 11241100x8000000000000000399193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6d21fb9672251a2021-12-21 10:38:57.443root 11241100x8000000000000000399194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3730f34747816bfb2021-12-21 10:38:57.443root 11241100x8000000000000000399195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c9dfe41e1e4b852021-12-21 10:38:57.443root 11241100x8000000000000000399196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a29feb1d90a13492021-12-21 10:38:57.443root 11241100x8000000000000000399197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963860ed687314902021-12-21 10:38:57.443root 11241100x8000000000000000399198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c06d1285eed0f42021-12-21 10:38:57.443root 11241100x8000000000000000399199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071f8509475d24542021-12-21 10:38:57.443root 11241100x8000000000000000399200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6670f4c9467e342021-12-21 10:38:57.443root 11241100x8000000000000000399201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f253a8455ce5a1c22021-12-21 10:38:57.943root 11241100x8000000000000000399202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0716dd47fc024c62021-12-21 10:38:57.943root 11241100x8000000000000000399203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb07fee3680f01b2021-12-21 10:38:57.943root 11241100x8000000000000000399204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8192e5c8856ee42021-12-21 10:38:57.943root 11241100x8000000000000000399205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa89bf838a4eef4b2021-12-21 10:38:57.943root 11241100x8000000000000000399206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c09d964f2b703812021-12-21 10:38:57.943root 11241100x8000000000000000399207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db69b15c2ef79ab02021-12-21 10:38:57.943root 11241100x8000000000000000399208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88d3994e249aa3f2021-12-21 10:38:57.943root 11241100x8000000000000000399209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810e69e0e2c9a3182021-12-21 10:38:57.944root 11241100x8000000000000000399210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e58b4f7e0a66562021-12-21 10:38:58.443root 11241100x8000000000000000399211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196578262331c8712021-12-21 10:38:58.443root 11241100x8000000000000000399212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0859087f9c277e02021-12-21 10:38:58.443root 11241100x8000000000000000399213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34644b439f1f986c2021-12-21 10:38:58.443root 11241100x8000000000000000399214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6852dc39e3706c032021-12-21 10:38:58.443root 11241100x8000000000000000399215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99259ff697c677d32021-12-21 10:38:58.443root 11241100x8000000000000000399216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61063befbd907dba2021-12-21 10:38:58.443root 11241100x8000000000000000399217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c96e6c50d3a13b2021-12-21 10:38:58.443root 11241100x8000000000000000399218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d683e481a406e42021-12-21 10:38:58.443root 11241100x8000000000000000399219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918491f88799b5c32021-12-21 10:38:58.943root 11241100x8000000000000000399220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6308787be42602032021-12-21 10:38:58.943root 11241100x8000000000000000399221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1bde7a1cbe1c522021-12-21 10:38:58.943root 11241100x8000000000000000399222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16a41c0d53976d12021-12-21 10:38:58.943root 11241100x8000000000000000399223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46eed51dff14ba82021-12-21 10:38:58.943root 11241100x8000000000000000399224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cab4fc1e0377212021-12-21 10:38:58.943root 11241100x8000000000000000399225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b855b657b5e52772021-12-21 10:38:58.943root 11241100x8000000000000000399226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275961429f5af6c02021-12-21 10:38:58.943root 11241100x8000000000000000399227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417853b93f305cf82021-12-21 10:38:58.943root 11241100x8000000000000000399228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d340c142093745a2021-12-21 10:38:59.443root 11241100x8000000000000000399229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a730668df1d93c82021-12-21 10:38:59.443root 11241100x8000000000000000399230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954942d2bc1814ac2021-12-21 10:38:59.443root 11241100x8000000000000000399231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e06f5a9c13a325c2021-12-21 10:38:59.443root 11241100x8000000000000000399232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d93c05f319e14a2021-12-21 10:38:59.443root 11241100x8000000000000000399233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa85e3d3aef040f2021-12-21 10:38:59.443root 11241100x8000000000000000399234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1905f5681a1400332021-12-21 10:38:59.443root 11241100x8000000000000000399235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47847452dcd916c12021-12-21 10:38:59.443root 11241100x8000000000000000399236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09444f0913340de2021-12-21 10:38:59.443root 11241100x8000000000000000399237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb26e1e84fef7d92021-12-21 10:38:59.943root 11241100x8000000000000000399238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaae9c798c6a60ca2021-12-21 10:38:59.943root 11241100x8000000000000000399239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c8e83e28bed5f62021-12-21 10:38:59.943root 11241100x8000000000000000399240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3fc7dea5bdd0322021-12-21 10:38:59.943root 11241100x8000000000000000399241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af1dc2e478eb9452021-12-21 10:38:59.943root 11241100x8000000000000000399242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937f0c75c26315fc2021-12-21 10:38:59.943root 11241100x8000000000000000399243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567c9218e9dd4ff32021-12-21 10:38:59.943root 11241100x8000000000000000399244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddda086f01e1ed22021-12-21 10:38:59.943root 11241100x8000000000000000399245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231f31b4477710082021-12-21 10:38:59.943root 11241100x8000000000000000399246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9386f38e947ff9c32021-12-21 10:39:00.443root 11241100x8000000000000000399247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef6e19679fe29482021-12-21 10:39:00.443root 11241100x8000000000000000399248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacd28ff620d9d912021-12-21 10:39:00.443root 11241100x8000000000000000399249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8a481ae582d1b12021-12-21 10:39:00.443root 11241100x8000000000000000399250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060633d021d388da2021-12-21 10:39:00.443root 11241100x8000000000000000399251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca27da1b6b997902021-12-21 10:39:00.443root 11241100x8000000000000000399252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24741c453c5c5592021-12-21 10:39:00.443root 11241100x8000000000000000399253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283a5325bdc832d42021-12-21 10:39:00.443root 11241100x8000000000000000399254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce28d6c4d1f0f1b02021-12-21 10:39:00.444root 11241100x8000000000000000399255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13a4ecfc526abec2021-12-21 10:39:00.943root 11241100x8000000000000000399256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc935c81f4b375f2021-12-21 10:39:00.943root 11241100x8000000000000000399257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5e990b183f03952021-12-21 10:39:00.943root 11241100x8000000000000000399258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce202783493763502021-12-21 10:39:00.943root 11241100x8000000000000000399259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e191c9910c3d67962021-12-21 10:39:00.943root 11241100x8000000000000000399260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76da5464e9b47682021-12-21 10:39:00.943root 11241100x8000000000000000399261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cf1fd0c63042742021-12-21 10:39:00.943root 11241100x8000000000000000399262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575d0570f621cad32021-12-21 10:39:00.943root 11241100x8000000000000000399263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036bc14b88ccc8ad2021-12-21 10:39:00.943root 354300x8000000000000000399264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.043{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47402-false10.0.1.12-8000- 11241100x8000000000000000399265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fed9db6087953e2021-12-21 10:39:01.443root 11241100x8000000000000000399266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1125c9755cbf7d62021-12-21 10:39:01.443root 11241100x8000000000000000399267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcb2f4e135b75292021-12-21 10:39:01.443root 11241100x8000000000000000399268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8d31638fb8c6e12021-12-21 10:39:01.443root 11241100x8000000000000000399269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45c2cc3ef2c516d2021-12-21 10:39:01.443root 11241100x8000000000000000399270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9430347c3e76099b2021-12-21 10:39:01.443root 11241100x8000000000000000399271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14c5d87078ca6062021-12-21 10:39:01.443root 11241100x8000000000000000399272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0902c9a85642efd22021-12-21 10:39:01.443root 11241100x8000000000000000399273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c9bea4494c35832021-12-21 10:39:01.443root 11241100x8000000000000000399274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5f3e8a345ca7a42021-12-21 10:39:01.443root 11241100x8000000000000000399275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2713dec1b04476b2021-12-21 10:39:01.943root 11241100x8000000000000000399276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d6ec37aad5f7652021-12-21 10:39:01.943root 11241100x8000000000000000399277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76c7cd9755093f92021-12-21 10:39:01.943root 11241100x8000000000000000399278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed623881436fad372021-12-21 10:39:01.943root 11241100x8000000000000000399279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3e7e5cfa8f87752021-12-21 10:39:01.943root 11241100x8000000000000000399280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2d624037d94bce2021-12-21 10:39:01.943root 11241100x8000000000000000399281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856123b4fb5582162021-12-21 10:39:01.943root 11241100x8000000000000000399282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d4e4d624fe45b02021-12-21 10:39:01.943root 11241100x8000000000000000399283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae27038f1d520652021-12-21 10:39:01.943root 11241100x8000000000000000399284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59214b4c7d7b60b12021-12-21 10:39:01.943root 11241100x8000000000000000399285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897994dc5998feb02021-12-21 10:39:02.443root 11241100x8000000000000000399286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc8fc173236e57a2021-12-21 10:39:02.443root 11241100x8000000000000000399287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d773e249e19c852021-12-21 10:39:02.443root 11241100x8000000000000000399288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e36d2c596ef1a922021-12-21 10:39:02.443root 11241100x8000000000000000399289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6dfaab9414af7e2021-12-21 10:39:02.443root 11241100x8000000000000000399290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bf3af7f783a0ed2021-12-21 10:39:02.443root 11241100x8000000000000000399291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea8c8428b5f0b922021-12-21 10:39:02.443root 11241100x8000000000000000399292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ddccbc1d93cf832021-12-21 10:39:02.444root 11241100x8000000000000000399293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64eea82742c02a462021-12-21 10:39:02.444root 11241100x8000000000000000399294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931721b21d267b422021-12-21 10:39:02.444root 11241100x8000000000000000399295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3162c0e6bfbcd9442021-12-21 10:39:02.943root 11241100x8000000000000000399296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a89a70c9d2c4c2f2021-12-21 10:39:02.943root 11241100x8000000000000000399297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b17bd3aeaff54b02021-12-21 10:39:02.943root 11241100x8000000000000000399298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869efb6feb5ad7d62021-12-21 10:39:02.943root 11241100x8000000000000000399299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6236f19b81b20712021-12-21 10:39:02.943root 11241100x8000000000000000399300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c178f3b6b242e3e12021-12-21 10:39:02.944root 11241100x8000000000000000399301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1739ca8c972cc0782021-12-21 10:39:02.944root 11241100x8000000000000000399302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42927f942b53a5bc2021-12-21 10:39:02.944root 11241100x8000000000000000399303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426143a4e737763a2021-12-21 10:39:02.944root 11241100x8000000000000000399304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8e5df74df652102021-12-21 10:39:02.944root 11241100x8000000000000000399305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20888799772ea2c42021-12-21 10:39:03.443root 11241100x8000000000000000399306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e9dd37054f55c32021-12-21 10:39:03.443root 11241100x8000000000000000399307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aeca09cebdfc352021-12-21 10:39:03.443root 11241100x8000000000000000399308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5922ac837c03715f2021-12-21 10:39:03.443root 11241100x8000000000000000399309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5f3038d44066d22021-12-21 10:39:03.443root 11241100x8000000000000000399310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8123da0a9d91f5a2021-12-21 10:39:03.443root 11241100x8000000000000000399311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b33a37338d4fe202021-12-21 10:39:03.443root 11241100x8000000000000000399312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a491c07df9f0a7f22021-12-21 10:39:03.443root 11241100x8000000000000000399313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e24235baa81efc2021-12-21 10:39:03.443root 11241100x8000000000000000399314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d1a4467f054d182021-12-21 10:39:03.443root 11241100x8000000000000000399315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb70c33dd57b43bb2021-12-21 10:39:03.943root 11241100x8000000000000000399316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0ed0f31f77df5c2021-12-21 10:39:03.943root 11241100x8000000000000000399317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a2c066409aa6742021-12-21 10:39:03.943root 11241100x8000000000000000399318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0c9428c78af2502021-12-21 10:39:03.943root 11241100x8000000000000000399319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5adb8b63b629c32021-12-21 10:39:03.943root 11241100x8000000000000000399320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ff931b0b6741262021-12-21 10:39:03.943root 11241100x8000000000000000399321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fb42f941aa585e2021-12-21 10:39:03.943root 11241100x8000000000000000399322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93ce504fab6e20b2021-12-21 10:39:03.943root 11241100x8000000000000000399323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04a4a6d017fc4472021-12-21 10:39:03.943root 11241100x8000000000000000399324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae9326175c7dacf2021-12-21 10:39:03.943root 11241100x8000000000000000399325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0e718ec67cd3dd2021-12-21 10:39:04.443root 11241100x8000000000000000399326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68dc9760449c86b2021-12-21 10:39:04.443root 11241100x8000000000000000399327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b2f3d40547e41b2021-12-21 10:39:04.443root 11241100x8000000000000000399328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d67192076e3c71a2021-12-21 10:39:04.443root 11241100x8000000000000000399329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a3d6b27be20a992021-12-21 10:39:04.443root 11241100x8000000000000000399330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585896a447b0a7c82021-12-21 10:39:04.443root 11241100x8000000000000000399331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7384b8fadd1e3cc92021-12-21 10:39:04.443root 11241100x8000000000000000399332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f943df8349e62d672021-12-21 10:39:04.444root 11241100x8000000000000000399333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5e880c1d9317012021-12-21 10:39:04.444root 11241100x8000000000000000399334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9321e8096881f6b62021-12-21 10:39:04.444root 11241100x8000000000000000399335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5221c83781a9ba2021-12-21 10:39:04.943root 11241100x8000000000000000399336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f179b3472085f82021-12-21 10:39:04.943root 11241100x8000000000000000399337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689a303aa307527b2021-12-21 10:39:04.943root 11241100x8000000000000000399338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523aebeb718ee2822021-12-21 10:39:04.943root 11241100x8000000000000000399339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72bf242af7f2fc82021-12-21 10:39:04.943root 11241100x8000000000000000399340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4c21979600355b2021-12-21 10:39:04.943root 11241100x8000000000000000399341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc90035906a05e42021-12-21 10:39:04.943root 11241100x8000000000000000399342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66327ea4d2f592a52021-12-21 10:39:04.943root 11241100x8000000000000000399343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8b253eb063e3572021-12-21 10:39:04.943root 11241100x8000000000000000399344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e8acb6899a1ca52021-12-21 10:39:04.944root 11241100x8000000000000000399345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd6fcc04b9c22752021-12-21 10:39:05.443root 11241100x8000000000000000399346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ff92ee80f9cee82021-12-21 10:39:05.443root 11241100x8000000000000000399347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3dd088e3b5ea0942021-12-21 10:39:05.443root 11241100x8000000000000000399348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9800a13179116f32021-12-21 10:39:05.443root 11241100x8000000000000000399349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9415f3bb4df76a012021-12-21 10:39:05.443root 11241100x8000000000000000399350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973536855effd5862021-12-21 10:39:05.443root 11241100x8000000000000000399351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5516ed541989dbac2021-12-21 10:39:05.443root 11241100x8000000000000000399352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac97925129eeafc42021-12-21 10:39:05.443root 11241100x8000000000000000399353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba8dac08a11d57c2021-12-21 10:39:05.444root 11241100x8000000000000000399354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e068291063e5eacd2021-12-21 10:39:05.444root 11241100x8000000000000000399355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9220e261a9ca0d02021-12-21 10:39:05.943root 11241100x8000000000000000399356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a1221176c40ce62021-12-21 10:39:05.943root 11241100x8000000000000000399357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae3b6b1629a38bb2021-12-21 10:39:05.943root 11241100x8000000000000000399358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3707c00e8195c6a62021-12-21 10:39:05.943root 11241100x8000000000000000399359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a817fb273efcb7392021-12-21 10:39:05.943root 11241100x8000000000000000399360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec445b1babbf4932021-12-21 10:39:05.943root 11241100x8000000000000000399361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e0249296a1bca52021-12-21 10:39:05.943root 11241100x8000000000000000399362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a35eb091d3bdf002021-12-21 10:39:05.944root 11241100x8000000000000000399363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9f63c29f8fffa02021-12-21 10:39:05.944root 11241100x8000000000000000399364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b4ca9a5d7c51672021-12-21 10:39:05.944root 354300x8000000000000000399365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.190{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47404-false10.0.1.12-8000- 11241100x8000000000000000399366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.345{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:39:06.345root 11241100x8000000000000000399367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab23d9914af22e732021-12-21 10:39:06.346root 11241100x8000000000000000399368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9566a6a3a45d232021-12-21 10:39:06.346root 11241100x8000000000000000399369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977ebca08b200b602021-12-21 10:39:06.346root 11241100x8000000000000000399370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36b4db269e575a32021-12-21 10:39:06.346root 11241100x8000000000000000399371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56643e73995c00a2021-12-21 10:39:06.346root 11241100x8000000000000000399372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8460954397b7c752021-12-21 10:39:06.346root 11241100x8000000000000000399373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d4d458eb82ae2d2021-12-21 10:39:06.346root 11241100x8000000000000000399374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06539310ed4d1c9c2021-12-21 10:39:06.346root 11241100x8000000000000000399375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8136a49d193c53532021-12-21 10:39:06.347root 11241100x8000000000000000399376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f15beb01e4fb312021-12-21 10:39:06.347root 11241100x8000000000000000399377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9ee5bce3ad755d2021-12-21 10:39:06.347root 11241100x8000000000000000399378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f3d48cec445dfb2021-12-21 10:39:06.347root 11241100x8000000000000000399379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cba80087277a9b2021-12-21 10:39:06.693root 11241100x8000000000000000399380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6232cb1fc8a8f8202021-12-21 10:39:06.693root 11241100x8000000000000000399381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fcd54b956557802021-12-21 10:39:06.693root 11241100x8000000000000000399382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597253b9b53cf2732021-12-21 10:39:06.693root 11241100x8000000000000000399383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135e3a11e6acfc292021-12-21 10:39:06.693root 11241100x8000000000000000399384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca31730ed78afefe2021-12-21 10:39:06.693root 11241100x8000000000000000399385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8235534a7d112d42021-12-21 10:39:06.693root 11241100x8000000000000000399386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd6d1474e026b682021-12-21 10:39:06.694root 11241100x8000000000000000399387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f82d2581e8eee5e2021-12-21 10:39:06.694root 11241100x8000000000000000399388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908d8615e00452152021-12-21 10:39:06.694root 11241100x8000000000000000399389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f148bf22fb3b8292021-12-21 10:39:06.694root 11241100x8000000000000000399390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531b7370dbf83f2d2021-12-21 10:39:06.694root 11241100x8000000000000000399391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16eccce4bba697d52021-12-21 10:39:07.193root 11241100x8000000000000000399392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bf64cd1c38d7772021-12-21 10:39:07.193root 11241100x8000000000000000399393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f240d9238c0e232021-12-21 10:39:07.193root 11241100x8000000000000000399394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c508ecd77f3b9572021-12-21 10:39:07.193root 11241100x8000000000000000399395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc77503a02e9ef532021-12-21 10:39:07.193root 11241100x8000000000000000399396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e616846f42d9ea2021-12-21 10:39:07.193root 11241100x8000000000000000399397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc524217581360d62021-12-21 10:39:07.193root 11241100x8000000000000000399398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b6560248362e912021-12-21 10:39:07.194root 11241100x8000000000000000399399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1aae24db01e3fef2021-12-21 10:39:07.194root 11241100x8000000000000000399400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcf3266793e4b072021-12-21 10:39:07.194root 11241100x8000000000000000399401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba10f0ecee19ef5d2021-12-21 10:39:07.194root 11241100x8000000000000000399402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bec23f23cc85062021-12-21 10:39:07.194root 11241100x8000000000000000399403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dafded60f5c31632021-12-21 10:39:07.693root 11241100x8000000000000000399404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0062cf74f65d6412021-12-21 10:39:07.693root 11241100x8000000000000000399405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd7d828035747a62021-12-21 10:39:07.693root 11241100x8000000000000000399406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9dd97e1948b25f2021-12-21 10:39:07.693root 11241100x8000000000000000399407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adeee74842de6e92021-12-21 10:39:07.693root 11241100x8000000000000000399408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4ed587263990c12021-12-21 10:39:07.693root 11241100x8000000000000000399409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5088f7c930f30a422021-12-21 10:39:07.693root 11241100x8000000000000000399410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cf9588d8f9274f2021-12-21 10:39:07.694root 11241100x8000000000000000399411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540bcae090f184932021-12-21 10:39:07.694root 11241100x8000000000000000399412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95fb4d0ee23e22f2021-12-21 10:39:07.694root 11241100x8000000000000000399413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9208b2d0cf70582021-12-21 10:39:07.694root 11241100x8000000000000000399414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e626aef14ceb6502021-12-21 10:39:07.694root 11241100x8000000000000000399415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53341a02f6738e42021-12-21 10:39:08.193root 11241100x8000000000000000399416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c84c4a4bacd70d2021-12-21 10:39:08.193root 11241100x8000000000000000399417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708169cba1615b7d2021-12-21 10:39:08.193root 11241100x8000000000000000399418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e3677c51b1dba52021-12-21 10:39:08.193root 11241100x8000000000000000399419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a0725eb310ac9c2021-12-21 10:39:08.193root 11241100x8000000000000000399420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec524426e92e85272021-12-21 10:39:08.193root 11241100x8000000000000000399421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7db08a9d5430b222021-12-21 10:39:08.194root 11241100x8000000000000000399422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73e67e6135bab682021-12-21 10:39:08.194root 11241100x8000000000000000399423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502f0d295161f1172021-12-21 10:39:08.194root 11241100x8000000000000000399424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2957194cce6e4a2021-12-21 10:39:08.194root 11241100x8000000000000000399425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a977eab9bcc3c82021-12-21 10:39:08.194root 11241100x8000000000000000399426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2287ead624fcc81a2021-12-21 10:39:08.194root 11241100x8000000000000000399427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa62a73811ac1d5e2021-12-21 10:39:08.693root 11241100x8000000000000000399428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01aa7d5c7177b79a2021-12-21 10:39:08.693root 11241100x8000000000000000399429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb70762d498948d2021-12-21 10:39:08.693root 11241100x8000000000000000399430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2307455feedf274b2021-12-21 10:39:08.693root 11241100x8000000000000000399431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66c4afb6a312fc42021-12-21 10:39:08.694root 11241100x8000000000000000399432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717e09c80c79e4682021-12-21 10:39:08.694root 11241100x8000000000000000399433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b01590eea796592021-12-21 10:39:08.694root 11241100x8000000000000000399434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a95d7256a830d82021-12-21 10:39:08.694root 11241100x8000000000000000399435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ea1e2fbcc36c232021-12-21 10:39:08.694root 11241100x8000000000000000399436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb161cf667f0ea72021-12-21 10:39:08.694root 11241100x8000000000000000399437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac7b2b3e84606ff2021-12-21 10:39:08.694root 11241100x8000000000000000399438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aca485cf0b35aba2021-12-21 10:39:08.694root 11241100x8000000000000000399439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529a84dff658f8d42021-12-21 10:39:09.193root 11241100x8000000000000000399440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51b8bb62ff150592021-12-21 10:39:09.193root 11241100x8000000000000000399441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec89108c38956c02021-12-21 10:39:09.193root 11241100x8000000000000000399442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7a6af1c6c660e02021-12-21 10:39:09.193root 11241100x8000000000000000399443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bdc506382407122021-12-21 10:39:09.193root 11241100x8000000000000000399444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fa72a23a1ca8682021-12-21 10:39:09.193root 11241100x8000000000000000399445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fc23c45b7ef3062021-12-21 10:39:09.193root 11241100x8000000000000000399446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb00d1f2608936a82021-12-21 10:39:09.194root 11241100x8000000000000000399447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9b5da210598ae02021-12-21 10:39:09.194root 11241100x8000000000000000399448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d32b498621ac3082021-12-21 10:39:09.194root 11241100x8000000000000000399449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25ff0590b6caf142021-12-21 10:39:09.194root 11241100x8000000000000000399450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cee6b078a8cd472021-12-21 10:39:09.194root 23542300x8000000000000000399451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.346{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000399452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e0dcb17de9e8772021-12-21 10:39:09.693root 11241100x8000000000000000399453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9765fd8d51998af02021-12-21 10:39:09.693root 11241100x8000000000000000399454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70332560a85893ab2021-12-21 10:39:09.693root 11241100x8000000000000000399455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e072ffb6167fda2021-12-21 10:39:09.693root 11241100x8000000000000000399456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1003eb86ff88745e2021-12-21 10:39:09.693root 11241100x8000000000000000399457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2c0d8b26ebc6262021-12-21 10:39:09.693root 11241100x8000000000000000399458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a968c62cc6f3ad32021-12-21 10:39:09.693root 11241100x8000000000000000399459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e6620b02197b3b2021-12-21 10:39:09.694root 11241100x8000000000000000399460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e0336f35792e9a2021-12-21 10:39:09.694root 11241100x8000000000000000399461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257d83aada0076722021-12-21 10:39:09.694root 11241100x8000000000000000399462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a13740eabceb342021-12-21 10:39:09.694root 11241100x8000000000000000399463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7e05bbcae07e1a2021-12-21 10:39:09.694root 11241100x8000000000000000399464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444e85a52c6458722021-12-21 10:39:09.694root 11241100x8000000000000000399465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af5ec42168ef3662021-12-21 10:39:10.193root 11241100x8000000000000000399466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3522f929b3805492021-12-21 10:39:10.193root 11241100x8000000000000000399467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93519365c31d1182021-12-21 10:39:10.193root 11241100x8000000000000000399468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6d12d46d2452672021-12-21 10:39:10.193root 11241100x8000000000000000399469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d8e7a3f4330b422021-12-21 10:39:10.193root 11241100x8000000000000000399470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a237cfbdb162c1772021-12-21 10:39:10.193root 11241100x8000000000000000399471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f750917f8f24c542021-12-21 10:39:10.194root 11241100x8000000000000000399472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fccb5629c54ad252021-12-21 10:39:10.194root 11241100x8000000000000000399473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e0436b21d8b0912021-12-21 10:39:10.194root 11241100x8000000000000000399474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ed19aa34245e742021-12-21 10:39:10.194root 11241100x8000000000000000399475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfe7537cc16ea822021-12-21 10:39:10.194root 11241100x8000000000000000399476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fe24ba887425852021-12-21 10:39:10.194root 11241100x8000000000000000399477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae6e6bde83136cd2021-12-21 10:39:10.194root 11241100x8000000000000000399478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afb9de332b59cbb2021-12-21 10:39:10.693root 11241100x8000000000000000399479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b371c2250edf36d2021-12-21 10:39:10.693root 11241100x8000000000000000399480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ed8a7030105a132021-12-21 10:39:10.693root 11241100x8000000000000000399481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02292cfe49618dd2021-12-21 10:39:10.693root 11241100x8000000000000000399482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d845095f34367082021-12-21 10:39:10.694root 11241100x8000000000000000399483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9323ff5675457f892021-12-21 10:39:10.694root 11241100x8000000000000000399484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a66d7862fa355ee2021-12-21 10:39:10.694root 11241100x8000000000000000399485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136d7aaa0995023e2021-12-21 10:39:10.694root 11241100x8000000000000000399486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703ae73b0e72b2542021-12-21 10:39:10.694root 11241100x8000000000000000399487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f7e56259f47ee12021-12-21 10:39:10.694root 11241100x8000000000000000399488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4519ebaf0022642021-12-21 10:39:10.694root 11241100x8000000000000000399489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ac8ea643b55ad02021-12-21 10:39:10.694root 11241100x8000000000000000399490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b955987bc824ce7f2021-12-21 10:39:10.694root 11241100x8000000000000000399491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25765eac5c0e58062021-12-21 10:39:11.193root 11241100x8000000000000000399492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ed31b190fa7fd02021-12-21 10:39:11.193root 11241100x8000000000000000399493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa854466e29e3d6a2021-12-21 10:39:11.193root 11241100x8000000000000000399494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f662089a0b81a32021-12-21 10:39:11.193root 11241100x8000000000000000399495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d6288f505c91ee2021-12-21 10:39:11.193root 11241100x8000000000000000399496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e5a198503324812021-12-21 10:39:11.193root 11241100x8000000000000000399497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75498bacf944d4302021-12-21 10:39:11.194root 11241100x8000000000000000399498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d07268e89800682021-12-21 10:39:11.194root 11241100x8000000000000000399499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576d1ecb34abbf052021-12-21 10:39:11.194root 11241100x8000000000000000399500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ca957e6ccf30e02021-12-21 10:39:11.194root 11241100x8000000000000000399501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0297ec8c90590b402021-12-21 10:39:11.194root 11241100x8000000000000000399502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf8f3ea6068db3d2021-12-21 10:39:11.194root 11241100x8000000000000000399503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755cb18f929054752021-12-21 10:39:11.194root 11241100x8000000000000000399504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3cc425c5d6d0b52021-12-21 10:39:11.693root 11241100x8000000000000000399505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1dd1014b18da3b2021-12-21 10:39:11.693root 11241100x8000000000000000399506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4742825c74b0e71a2021-12-21 10:39:11.693root 11241100x8000000000000000399507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e426f2f26497f3fb2021-12-21 10:39:11.693root 11241100x8000000000000000399508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c262c84f5c53cf2021-12-21 10:39:11.693root 11241100x8000000000000000399509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d34f43ae6aad4e02021-12-21 10:39:11.693root 11241100x8000000000000000399510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78e90ec1653ae812021-12-21 10:39:11.694root 11241100x8000000000000000399511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdf53e21ef15ff32021-12-21 10:39:11.694root 11241100x8000000000000000399512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5e6e977e000f022021-12-21 10:39:11.694root 11241100x8000000000000000399513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41aa62b76497025d2021-12-21 10:39:11.694root 11241100x8000000000000000399514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d12069eff7bdc182021-12-21 10:39:11.694root 11241100x8000000000000000399515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dca6eaf8fb9ba32021-12-21 10:39:11.694root 11241100x8000000000000000399516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453ab852c470b85f2021-12-21 10:39:11.694root 354300x8000000000000000399517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.042{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47406-false10.0.1.12-8000- 11241100x8000000000000000399518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d45363eafa2437a2021-12-21 10:39:12.043root 11241100x8000000000000000399519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab326f1a6faf2aa42021-12-21 10:39:12.043root 11241100x8000000000000000399520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d42010311235a9c2021-12-21 10:39:12.043root 11241100x8000000000000000399521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93df7d40ff9453192021-12-21 10:39:12.043root 11241100x8000000000000000399522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88df512796b2ae9b2021-12-21 10:39:12.044root 11241100x8000000000000000399523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0dfedae3c6bf4c2021-12-21 10:39:12.044root 11241100x8000000000000000399524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0307089c51ea76922021-12-21 10:39:12.044root 11241100x8000000000000000399525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d24e36db3055c22021-12-21 10:39:12.044root 11241100x8000000000000000399526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50453e5db8aea412021-12-21 10:39:12.044root 11241100x8000000000000000399527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94536fc0d1f3fdf2021-12-21 10:39:12.044root 11241100x8000000000000000399528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89564a8dd654f4a82021-12-21 10:39:12.044root 11241100x8000000000000000399529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd078f65c08215752021-12-21 10:39:12.044root 11241100x8000000000000000399530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9114c943711360a2021-12-21 10:39:12.044root 11241100x8000000000000000399531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ad16a1b4ba608e2021-12-21 10:39:12.044root 11241100x8000000000000000399532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973ed4da74006ca42021-12-21 10:39:12.443root 11241100x8000000000000000399533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2607809f0a0c2fd2021-12-21 10:39:12.443root 11241100x8000000000000000399534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dc0db4b2e5b1c22021-12-21 10:39:12.443root 11241100x8000000000000000399535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3611f35fbb389732021-12-21 10:39:12.443root 11241100x8000000000000000399536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca82e79ea1de6da2021-12-21 10:39:12.444root 11241100x8000000000000000399537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a524a3aec7211f082021-12-21 10:39:12.444root 11241100x8000000000000000399538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd28cb88874129e2021-12-21 10:39:12.444root 11241100x8000000000000000399539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de91dd759a14b2672021-12-21 10:39:12.444root 11241100x8000000000000000399540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdb3e3f0390f4832021-12-21 10:39:12.444root 11241100x8000000000000000399541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892b0688224bd4eb2021-12-21 10:39:12.444root 11241100x8000000000000000399542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a8a80a7fc417d42021-12-21 10:39:12.444root 11241100x8000000000000000399543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53137a816a332e262021-12-21 10:39:12.444root 11241100x8000000000000000399544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb63e7ed2a495fde2021-12-21 10:39:12.445root 11241100x8000000000000000399545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8851ba8902a27dbc2021-12-21 10:39:12.445root 11241100x8000000000000000399546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01d1ea11cc04b612021-12-21 10:39:12.943root 11241100x8000000000000000399547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76f2bc561989d6b2021-12-21 10:39:12.943root 11241100x8000000000000000399548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e87c7318c163f02021-12-21 10:39:12.943root 11241100x8000000000000000399549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829ca99df9d7fff52021-12-21 10:39:12.943root 11241100x8000000000000000399550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a07816547c940012021-12-21 10:39:12.943root 11241100x8000000000000000399551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271a625fd21bc59d2021-12-21 10:39:12.943root 11241100x8000000000000000399552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6b8ae04904bed82021-12-21 10:39:12.944root 11241100x8000000000000000399553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f638d0f41d941be02021-12-21 10:39:12.944root 11241100x8000000000000000399554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceab0550116235b12021-12-21 10:39:12.944root 11241100x8000000000000000399555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba71c92eef56c5dd2021-12-21 10:39:12.944root 11241100x8000000000000000399556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4426cf5d645b42992021-12-21 10:39:12.944root 11241100x8000000000000000399557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1e4f61a42a76222021-12-21 10:39:12.944root 11241100x8000000000000000399558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48423677b266d28b2021-12-21 10:39:12.944root 11241100x8000000000000000399559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00488832049788d2021-12-21 10:39:12.944root 11241100x8000000000000000399560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e39d7934b2e0ac2021-12-21 10:39:13.443root 11241100x8000000000000000399561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ef9ea20046a47d2021-12-21 10:39:13.443root 11241100x8000000000000000399562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1d6692a50aa70e2021-12-21 10:39:13.443root 11241100x8000000000000000399563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c896ce13187a5e6a2021-12-21 10:39:13.443root 11241100x8000000000000000399564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62561dbcbcf5433f2021-12-21 10:39:13.443root 11241100x8000000000000000399565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5250edab9ec5c432021-12-21 10:39:13.443root 11241100x8000000000000000399566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5cc42479b6b84f2021-12-21 10:39:13.444root 11241100x8000000000000000399567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8604558278ae9d2021-12-21 10:39:13.444root 11241100x8000000000000000399568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e3aae8fc3927622021-12-21 10:39:13.444root 11241100x8000000000000000399569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aac48f554c65b232021-12-21 10:39:13.444root 11241100x8000000000000000399570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293a5be4676ca7692021-12-21 10:39:13.444root 11241100x8000000000000000399571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078cae843419061e2021-12-21 10:39:13.444root 11241100x8000000000000000399572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f029a8775b1b65742021-12-21 10:39:13.444root 11241100x8000000000000000399573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886bc22069679f642021-12-21 10:39:13.444root 11241100x8000000000000000399574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c312989b9945402021-12-21 10:39:13.943root 11241100x8000000000000000399575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1052aa3b079d48b32021-12-21 10:39:13.943root 11241100x8000000000000000399576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798115b07d6ef7952021-12-21 10:39:13.943root 11241100x8000000000000000399577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bb0bbee8ffb2c32021-12-21 10:39:13.943root 11241100x8000000000000000399578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e94e36a72a467472021-12-21 10:39:13.943root 11241100x8000000000000000399579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677db887ab9452992021-12-21 10:39:13.943root 11241100x8000000000000000399580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59de52887861a0c2021-12-21 10:39:13.944root 11241100x8000000000000000399581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2176a34175fddc62021-12-21 10:39:13.944root 11241100x8000000000000000399582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa539a8a5842db9f2021-12-21 10:39:13.944root 11241100x8000000000000000399583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5864a57a7ab2e7572021-12-21 10:39:13.944root 11241100x8000000000000000399584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542d22d58d223ccc2021-12-21 10:39:13.944root 11241100x8000000000000000399585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6110fb02720d6f2021-12-21 10:39:13.944root 11241100x8000000000000000399586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada278dd749309052021-12-21 10:39:13.944root 11241100x8000000000000000399587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5a7caa8cb61ccd2021-12-21 10:39:13.944root 11241100x8000000000000000399588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66d1eb8b6fff1bd2021-12-21 10:39:14.443root 11241100x8000000000000000399589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2e29e8efb58a022021-12-21 10:39:14.443root 11241100x8000000000000000399590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9de7ef752b6b9bf2021-12-21 10:39:14.443root 11241100x8000000000000000399591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271f6f51268944222021-12-21 10:39:14.443root 11241100x8000000000000000399592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f183ffec61001bf2021-12-21 10:39:14.443root 11241100x8000000000000000399593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4789dd8f7fd4822021-12-21 10:39:14.444root 11241100x8000000000000000399594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468c2706570bfaae2021-12-21 10:39:14.444root 11241100x8000000000000000399595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd0b2984262fcb22021-12-21 10:39:14.444root 11241100x8000000000000000399596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abbbac8ac4455e52021-12-21 10:39:14.444root 11241100x8000000000000000399597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c96685c3bce19f42021-12-21 10:39:14.444root 11241100x8000000000000000399598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ef61b0b5e4952e2021-12-21 10:39:14.445root 11241100x8000000000000000399599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51741172c8324daf2021-12-21 10:39:14.445root 11241100x8000000000000000399600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314e69838c81d9512021-12-21 10:39:14.445root 11241100x8000000000000000399601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c67a3e7da98a8402021-12-21 10:39:14.445root 11241100x8000000000000000399602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfaa99daa7191552021-12-21 10:39:14.943root 11241100x8000000000000000399603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257b5316da5eb6842021-12-21 10:39:14.943root 11241100x8000000000000000399604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a27041c49f01c0f2021-12-21 10:39:14.943root 11241100x8000000000000000399605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46cc3d30af993652021-12-21 10:39:14.943root 11241100x8000000000000000399606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4988b6469ea36152021-12-21 10:39:14.943root 11241100x8000000000000000399607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f4417312ee5ebe2021-12-21 10:39:14.944root 11241100x8000000000000000399608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b046dbf612f9677d2021-12-21 10:39:14.944root 11241100x8000000000000000399609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e93ed4706604d6f2021-12-21 10:39:14.944root 11241100x8000000000000000399610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260791b08b02b1e12021-12-21 10:39:14.944root 11241100x8000000000000000399611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0b860f00dca3372021-12-21 10:39:14.944root 11241100x8000000000000000399612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839af0425a667c3f2021-12-21 10:39:14.944root 11241100x8000000000000000399613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7411a1805a4af32021-12-21 10:39:14.944root 11241100x8000000000000000399614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf9db6291b6084a2021-12-21 10:39:14.944root 11241100x8000000000000000399615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5baccc8899e34c2021-12-21 10:39:14.944root 11241100x8000000000000000399616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6135676aca6ca51d2021-12-21 10:39:15.443root 11241100x8000000000000000399617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3915161daab0bc2021-12-21 10:39:15.443root 11241100x8000000000000000399618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72a7b4bd49a80bb2021-12-21 10:39:15.443root 11241100x8000000000000000399619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e92adc5cc7ace12021-12-21 10:39:15.443root 11241100x8000000000000000399620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286f1f457aef7e8b2021-12-21 10:39:15.443root 11241100x8000000000000000399621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbee57a8a8481ea42021-12-21 10:39:15.444root 11241100x8000000000000000399622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580dac01c0bac0a92021-12-21 10:39:15.444root 11241100x8000000000000000399623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4695bf7c00a7a72021-12-21 10:39:15.444root 11241100x8000000000000000399624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371ea04d3a3d9f5b2021-12-21 10:39:15.444root 11241100x8000000000000000399625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bf0775279e95a82021-12-21 10:39:15.444root 11241100x8000000000000000399626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a20f7c8835477c2021-12-21 10:39:15.444root 11241100x8000000000000000399627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cbb9649218735d2021-12-21 10:39:15.444root 11241100x8000000000000000399628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd76cda72b7eb8fd2021-12-21 10:39:15.444root 11241100x8000000000000000399629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8344011b9e2d8d42021-12-21 10:39:15.444root 11241100x8000000000000000399630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040dd5bfd517b2522021-12-21 10:39:15.943root 11241100x8000000000000000399631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4846fd8abfdb1ed2021-12-21 10:39:15.943root 11241100x8000000000000000399632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363944e469fdf0a52021-12-21 10:39:15.943root 11241100x8000000000000000399633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37cb62321187b9a2021-12-21 10:39:15.943root 11241100x8000000000000000399634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6b7442f4c455fb2021-12-21 10:39:15.944root 11241100x8000000000000000399635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0b9ffb019466bc2021-12-21 10:39:15.944root 11241100x8000000000000000399636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae75c5b886c549f92021-12-21 10:39:15.944root 11241100x8000000000000000399637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430a278b794b47af2021-12-21 10:39:15.944root 11241100x8000000000000000399638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c1db7fc22242562021-12-21 10:39:15.944root 11241100x8000000000000000399639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae38b45bb4e98762021-12-21 10:39:15.944root 11241100x8000000000000000399640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e565e047515a2fd2021-12-21 10:39:15.944root 11241100x8000000000000000399641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7b81cb6e3836cf2021-12-21 10:39:15.944root 11241100x8000000000000000399642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7fbc077ec556a22021-12-21 10:39:15.944root 11241100x8000000000000000399643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2827b42772fc93f2021-12-21 10:39:15.945root 11241100x8000000000000000399644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca71769bdda8e7a2021-12-21 10:39:16.443root 11241100x8000000000000000399645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04a2d8a894d08ae2021-12-21 10:39:16.443root 11241100x8000000000000000399646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cac34c1a001afd2021-12-21 10:39:16.443root 11241100x8000000000000000399647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc6aaa4435bf41e2021-12-21 10:39:16.443root 11241100x8000000000000000399648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b27f3420dc85bff2021-12-21 10:39:16.444root 11241100x8000000000000000399649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eac19815c6dbdb52021-12-21 10:39:16.444root 11241100x8000000000000000399650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780a28a01b9fa1382021-12-21 10:39:16.444root 11241100x8000000000000000399651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de3ddb66f1c0f0f2021-12-21 10:39:16.444root 11241100x8000000000000000399652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ee1e5f8700c93d2021-12-21 10:39:16.444root 11241100x8000000000000000399653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c166f72e1ebed82021-12-21 10:39:16.444root 11241100x8000000000000000399654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1c4c596bd44e112021-12-21 10:39:16.445root 11241100x8000000000000000399655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13ad59e8b698ab92021-12-21 10:39:16.445root 11241100x8000000000000000399656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02287201eebc789f2021-12-21 10:39:16.445root 11241100x8000000000000000399657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831eeb21914d06872021-12-21 10:39:16.445root 11241100x8000000000000000399658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d3a3bc6b48e5552021-12-21 10:39:16.943root 11241100x8000000000000000399659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658fd8e6e4a358a12021-12-21 10:39:16.943root 11241100x8000000000000000399660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa81579c6c3bcc32021-12-21 10:39:16.943root 11241100x8000000000000000399661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cff6b15814f48be2021-12-21 10:39:16.943root 11241100x8000000000000000399662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec57bc1f1f88430c2021-12-21 10:39:16.943root 11241100x8000000000000000399663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c740b2610a01862021-12-21 10:39:16.943root 11241100x8000000000000000399664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d97a8b55ca8a3782021-12-21 10:39:16.943root 11241100x8000000000000000399665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f2a90499bd98202021-12-21 10:39:16.944root 11241100x8000000000000000399666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6ed3cc498701ce2021-12-21 10:39:16.944root 11241100x8000000000000000399667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bff2d00ff7a1e512021-12-21 10:39:16.944root 11241100x8000000000000000399668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74921b1cc2171d052021-12-21 10:39:16.944root 11241100x8000000000000000399669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8ad5c88c8b10e02021-12-21 10:39:16.944root 11241100x8000000000000000399670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8b98694e1818132021-12-21 10:39:16.944root 11241100x8000000000000000399671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a852d7cf3b3fa4f2021-12-21 10:39:16.944root 354300x8000000000000000399672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.058{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47408-false10.0.1.12-8000- 11241100x8000000000000000399673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cee5362397e0cfb2021-12-21 10:39:17.443root 11241100x8000000000000000399674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3f681937a5877f2021-12-21 10:39:17.443root 11241100x8000000000000000399675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baf2c10b31b18ef2021-12-21 10:39:17.444root 11241100x8000000000000000399676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a5326534c8aa162021-12-21 10:39:17.444root 11241100x8000000000000000399677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b938478208c9dadd2021-12-21 10:39:17.444root 11241100x8000000000000000399678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29d37f265c3d7922021-12-21 10:39:17.444root 11241100x8000000000000000399679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05c488519fb54932021-12-21 10:39:17.444root 11241100x8000000000000000399680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75bff1d6090248e2021-12-21 10:39:17.444root 11241100x8000000000000000399681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4e97e79034bb5c2021-12-21 10:39:17.445root 11241100x8000000000000000399682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4ad9ffd52fecfe2021-12-21 10:39:17.445root 11241100x8000000000000000399683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12024dc45634710d2021-12-21 10:39:17.445root 11241100x8000000000000000399684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9a5c37b47c87f62021-12-21 10:39:17.445root 11241100x8000000000000000399685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1bc8a1af8fc1062021-12-21 10:39:17.446root 11241100x8000000000000000399686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645d5542ca617f8e2021-12-21 10:39:17.446root 11241100x8000000000000000399687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd873060d8dbd8b2021-12-21 10:39:17.447root 11241100x8000000000000000399688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a9bdd6cc1562c52021-12-21 10:39:17.943root 11241100x8000000000000000399689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10fb8d97371ee922021-12-21 10:39:17.943root 11241100x8000000000000000399690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f6e1ae7f58b47e2021-12-21 10:39:17.943root 11241100x8000000000000000399691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2e7b60bfdcd18a2021-12-21 10:39:17.943root 11241100x8000000000000000399692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada6d5a63ec77b432021-12-21 10:39:17.944root 11241100x8000000000000000399693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f9cb1aa57841102021-12-21 10:39:17.944root 11241100x8000000000000000399694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ccea7f5afeec0b2021-12-21 10:39:17.944root 11241100x8000000000000000399695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd737388f8085c272021-12-21 10:39:17.944root 11241100x8000000000000000399696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67063fe1eae92d62021-12-21 10:39:17.944root 11241100x8000000000000000399697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd1cb0abf8110622021-12-21 10:39:17.944root 11241100x8000000000000000399698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e0c81c43e3f1972021-12-21 10:39:17.944root 11241100x8000000000000000399699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7deb3fa2cc5626d2021-12-21 10:39:17.944root 11241100x8000000000000000399700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a249e8500f8cfddf2021-12-21 10:39:17.944root 11241100x8000000000000000399701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09cf712d182998d2021-12-21 10:39:17.944root 11241100x8000000000000000399702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d789f9977d2a9a4e2021-12-21 10:39:17.945root 11241100x8000000000000000399703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1c72c15f3273e82021-12-21 10:39:18.443root 11241100x8000000000000000399704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1221e507b179f6f2021-12-21 10:39:18.443root 11241100x8000000000000000399705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d35f26a1725f0e2021-12-21 10:39:18.443root 11241100x8000000000000000399706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398c84e3ff2f38ff2021-12-21 10:39:18.443root 11241100x8000000000000000399707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463f78b111cfbb732021-12-21 10:39:18.443root 11241100x8000000000000000399708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32e41da52edef8c2021-12-21 10:39:18.444root 11241100x8000000000000000399709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88aa42d262f1798d2021-12-21 10:39:18.444root 11241100x8000000000000000399710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e6e2c0a73ee4942021-12-21 10:39:18.444root 11241100x8000000000000000399711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d629ce6dbfb9b4c92021-12-21 10:39:18.444root 11241100x8000000000000000399712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95677b6367b0d11f2021-12-21 10:39:18.444root 11241100x8000000000000000399713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce9e88c82f1f7be2021-12-21 10:39:18.444root 11241100x8000000000000000399714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c039d2b053604f2021-12-21 10:39:18.444root 11241100x8000000000000000399715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b1a4cf8d664bf92021-12-21 10:39:18.444root 11241100x8000000000000000399716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd71d58b45d89ba2021-12-21 10:39:18.445root 11241100x8000000000000000399717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e3fb0bb8c70a2b2021-12-21 10:39:18.445root 11241100x8000000000000000399718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2ec12bf2e1bb442021-12-21 10:39:18.943root 11241100x8000000000000000399719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10c31283de79b5d2021-12-21 10:39:18.943root 11241100x8000000000000000399720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756121ea26b98ac92021-12-21 10:39:18.943root 11241100x8000000000000000399721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7136440d5ba7ce02021-12-21 10:39:18.943root 11241100x8000000000000000399722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ae86a2b7e8b0612021-12-21 10:39:18.944root 11241100x8000000000000000399723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabbb56d3a40e2aa2021-12-21 10:39:18.944root 11241100x8000000000000000399724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c187b02ff80c3ac22021-12-21 10:39:18.944root 11241100x8000000000000000399725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534dbfacda5bc63f2021-12-21 10:39:18.944root 11241100x8000000000000000399726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501c209a175b4d3c2021-12-21 10:39:18.944root 11241100x8000000000000000399727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad67a89afbedd782021-12-21 10:39:18.944root 11241100x8000000000000000399728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272a625ce246ae002021-12-21 10:39:18.944root 11241100x8000000000000000399729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc85c40111df34832021-12-21 10:39:18.944root 11241100x8000000000000000399730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef729e1505ce55e62021-12-21 10:39:18.945root 11241100x8000000000000000399731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bed80a5cc2ce452021-12-21 10:39:18.945root 11241100x8000000000000000399732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1bd0be2746c5ce2021-12-21 10:39:18.945root 11241100x8000000000000000399733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a1c18128eb9dbf2021-12-21 10:39:19.443root 11241100x8000000000000000399734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46b88372f13ac3a2021-12-21 10:39:19.443root 11241100x8000000000000000399735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffc51efd082d83e2021-12-21 10:39:19.443root 11241100x8000000000000000399736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3500332f67c7137e2021-12-21 10:39:19.443root 11241100x8000000000000000399737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2bb978ae53695e2021-12-21 10:39:19.443root 11241100x8000000000000000399738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b198fdfec8f9162021-12-21 10:39:19.443root 11241100x8000000000000000399739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1885c887a44e82122021-12-21 10:39:19.443root 11241100x8000000000000000399740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfa3a8d4a1e06682021-12-21 10:39:19.444root 11241100x8000000000000000399741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5481224b1318c0622021-12-21 10:39:19.444root 11241100x8000000000000000399742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7463c350207b8b2021-12-21 10:39:19.444root 11241100x8000000000000000399743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10601e4c06fdfb8d2021-12-21 10:39:19.444root 11241100x8000000000000000399744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16719bd1213c0b62021-12-21 10:39:19.444root 11241100x8000000000000000399745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1397b012b15bbbd62021-12-21 10:39:19.444root 11241100x8000000000000000399746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbb8c6823cbb7172021-12-21 10:39:19.444root 11241100x8000000000000000399747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55c08bf641fdc052021-12-21 10:39:19.444root 11241100x8000000000000000399748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e30e77bef48b38a2021-12-21 10:39:19.943root 11241100x8000000000000000399749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2980c762a995a4d02021-12-21 10:39:19.943root 11241100x8000000000000000399750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c57019fdd76850a2021-12-21 10:39:19.943root 11241100x8000000000000000399751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72d9d409a6ced152021-12-21 10:39:19.943root 11241100x8000000000000000399752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5f99e18e6731312021-12-21 10:39:19.943root 11241100x8000000000000000399753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88418d833a171962021-12-21 10:39:19.944root 11241100x8000000000000000399754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0472a32698a5ee12021-12-21 10:39:19.944root 11241100x8000000000000000399755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55bbaba7f531c062021-12-21 10:39:19.944root 11241100x8000000000000000399756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351069dfb16b6c2a2021-12-21 10:39:19.944root 11241100x8000000000000000399757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462615531cbf5f552021-12-21 10:39:19.944root 11241100x8000000000000000399758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8449a0e01e861c9d2021-12-21 10:39:19.944root 11241100x8000000000000000399759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62881f2700cd36a52021-12-21 10:39:19.944root 11241100x8000000000000000399760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c3c24b4064967b2021-12-21 10:39:19.944root 11241100x8000000000000000399761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110e31c5cc5211b12021-12-21 10:39:19.944root 11241100x8000000000000000399762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa098eb49c8df38d2021-12-21 10:39:19.945root 11241100x8000000000000000399763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e74b03b77f229002021-12-21 10:39:20.443root 11241100x8000000000000000399764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3530f5a98bef99e2021-12-21 10:39:20.443root 11241100x8000000000000000399765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5c46021da99ba02021-12-21 10:39:20.443root 11241100x8000000000000000399766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1cc72878ab3ae22021-12-21 10:39:20.443root 11241100x8000000000000000399767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6672a079502cdecf2021-12-21 10:39:20.443root 11241100x8000000000000000399768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587528cd04ad5d172021-12-21 10:39:20.444root 11241100x8000000000000000399769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8be99d27559a452021-12-21 10:39:20.444root 11241100x8000000000000000399770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6628234f44e6f4032021-12-21 10:39:20.444root 11241100x8000000000000000399771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f8f768b823232a2021-12-21 10:39:20.444root 11241100x8000000000000000399772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde60d00651ac3c82021-12-21 10:39:20.444root 11241100x8000000000000000399773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf4a617b0e1a94c2021-12-21 10:39:20.444root 11241100x8000000000000000399774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be1aed5f002bf112021-12-21 10:39:20.444root 11241100x8000000000000000399775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740de7ed866f48b02021-12-21 10:39:20.444root 11241100x8000000000000000399776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc5b166fc834c242021-12-21 10:39:20.445root 11241100x8000000000000000399777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440c488e79a23a9a2021-12-21 10:39:20.445root 11241100x8000000000000000399778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bb11cc7a65d1042021-12-21 10:39:20.943root 11241100x8000000000000000399779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3b7b0c6577dcf72021-12-21 10:39:20.943root 11241100x8000000000000000399780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1c82bf3b0b9f1c2021-12-21 10:39:20.943root 11241100x8000000000000000399781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b124dfb87607a54e2021-12-21 10:39:20.943root 11241100x8000000000000000399782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2ae21974d29ca92021-12-21 10:39:20.943root 11241100x8000000000000000399783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d1726d33f2a9382021-12-21 10:39:20.943root 11241100x8000000000000000399784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cceb9726c5732282021-12-21 10:39:20.943root 11241100x8000000000000000399785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31c936430ec98b22021-12-21 10:39:20.944root 11241100x8000000000000000399786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428d538f035e2cd42021-12-21 10:39:20.944root 11241100x8000000000000000399787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2784bf3b5fe5dc422021-12-21 10:39:20.944root 11241100x8000000000000000399788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07365259fd8c91a32021-12-21 10:39:20.944root 11241100x8000000000000000399789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f71a1128ad4fbc82021-12-21 10:39:20.944root 11241100x8000000000000000399790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11315792c62d11ee2021-12-21 10:39:20.944root 11241100x8000000000000000399791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44a1db3544101c72021-12-21 10:39:20.944root 11241100x8000000000000000399792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24b798dcf5b3c442021-12-21 10:39:20.944root 11241100x8000000000000000399793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b2de674592ae8a2021-12-21 10:39:21.443root 11241100x8000000000000000399794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f642e26fb2547e2021-12-21 10:39:21.443root 11241100x8000000000000000399795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c28dc43fe8bf20e2021-12-21 10:39:21.443root 11241100x8000000000000000399796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e9103e278d36b42021-12-21 10:39:21.443root 11241100x8000000000000000399797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afaf62ba7a82d912021-12-21 10:39:21.443root 11241100x8000000000000000399798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424574cadfefa6082021-12-21 10:39:21.443root 11241100x8000000000000000399799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70f0add8195b2af2021-12-21 10:39:21.443root 11241100x8000000000000000399800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598eb33457f7886d2021-12-21 10:39:21.444root 11241100x8000000000000000399801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6af76421650d172021-12-21 10:39:21.444root 11241100x8000000000000000399802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4656c2738445d2052021-12-21 10:39:21.444root 11241100x8000000000000000399803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bca0c2933e38e22021-12-21 10:39:21.444root 11241100x8000000000000000399804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6203533b6cb53712021-12-21 10:39:21.444root 11241100x8000000000000000399805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2028f5d2bf37daf52021-12-21 10:39:21.444root 11241100x8000000000000000399806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9a84adffeb23462021-12-21 10:39:21.444root 11241100x8000000000000000399807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8c3f67616f637a2021-12-21 10:39:21.444root 11241100x8000000000000000399808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9ea0419ebc90102021-12-21 10:39:21.943root 11241100x8000000000000000399809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b15921c123aa632021-12-21 10:39:21.943root 11241100x8000000000000000399810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f3403727c9e7122021-12-21 10:39:21.943root 11241100x8000000000000000399811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145b21add6926b002021-12-21 10:39:21.943root 11241100x8000000000000000399812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c2cd38621c61a52021-12-21 10:39:21.943root 11241100x8000000000000000399813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5153a06140fccd72021-12-21 10:39:21.943root 11241100x8000000000000000399814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433054689b5013e02021-12-21 10:39:21.943root 11241100x8000000000000000399815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261d6a069562cb2f2021-12-21 10:39:21.944root 11241100x8000000000000000399816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0c014f831fa0712021-12-21 10:39:21.944root 11241100x8000000000000000399817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b383ab5757c12a2021-12-21 10:39:21.944root 11241100x8000000000000000399818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89604dab40e3ea1d2021-12-21 10:39:21.944root 11241100x8000000000000000399819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba1b04c573923532021-12-21 10:39:21.944root 11241100x8000000000000000399820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cd5736ae93a3362021-12-21 10:39:21.944root 11241100x8000000000000000399821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c922485e1a8d87672021-12-21 10:39:21.944root 11241100x8000000000000000399822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9f931625b65c272021-12-21 10:39:21.944root 354300x8000000000000000399823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.128{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47410-false10.0.1.12-8000- 11241100x8000000000000000399824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4c2ab7b3149e702021-12-21 10:39:22.443root 11241100x8000000000000000399825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b41dd6097550712021-12-21 10:39:22.443root 11241100x8000000000000000399826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1cd394b2cb105b2021-12-21 10:39:22.443root 11241100x8000000000000000399827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35da1b48b3b1409a2021-12-21 10:39:22.444root 11241100x8000000000000000399828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e763720f2874532021-12-21 10:39:22.444root 11241100x8000000000000000399829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4a263c2304295a2021-12-21 10:39:22.444root 11241100x8000000000000000399830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad74244c6e9c7f912021-12-21 10:39:22.444root 11241100x8000000000000000399831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e88f16d8e2ca0e12021-12-21 10:39:22.444root 11241100x8000000000000000399832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28b346303b8c1932021-12-21 10:39:22.444root 11241100x8000000000000000